################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2024-10-12 18:44:06 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.67.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231818/; classtype:trojan-activity;sid:84094918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231816/; classtype:trojan-activity;sid:84094916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.176.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231817/; classtype:trojan-activity;sid:84094917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231815/; classtype:trojan-activity;sid:84094915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.203.224.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231814/; classtype:trojan-activity;sid:84094914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.192.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231812/; classtype:trojan-activity;sid:84094912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231813/; classtype:trojan-activity;sid:84094913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.8.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231811/; classtype:trojan-activity;sid:84094911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.254.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231810/; classtype:trojan-activity;sid:84094910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.51.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231809/; classtype:trojan-activity;sid:84094909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231808/; classtype:trojan-activity;sid:84094908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231807/; classtype:trojan-activity;sid:84094907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.81.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231806/; classtype:trojan-activity;sid:84094906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.16.117"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231805/; classtype:trojan-activity;sid:84094905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.178.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231804/; classtype:trojan-activity;sid:84094904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.255.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231801/; classtype:trojan-activity;sid:84094901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.243.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231802/; classtype:trojan-activity;sid:84094902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.214.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231803/; classtype:trojan-activity;sid:84094903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231800/; classtype:trojan-activity;sid:84094900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.251.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231799/; classtype:trojan-activity;sid:84094899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.50.190.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231798/; classtype:trojan-activity;sid:84094898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.96.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231797/; classtype:trojan-activity;sid:84094897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16737801/wave.zip|3f|"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.66.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231795/; classtype:trojan-activity;sid:84094895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16419615/solara.zip"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.27.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231793/; classtype:trojan-activity;sid:84094893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.226.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231792/; classtype:trojan-activity;sid:84094892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.203.224.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231791/; classtype:trojan-activity;sid:84094891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.118.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231790/; classtype:trojan-activity;sid:84094890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.160.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231789/; classtype:trojan-activity;sid:84094889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.254.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231788/; classtype:trojan-activity;sid:84094888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231787/; classtype:trojan-activity;sid:84094887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231786/; classtype:trojan-activity;sid:84094886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231785/; classtype:trojan-activity;sid:84094885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231784/; classtype:trojan-activity;sid:84094884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.160.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231783/; classtype:trojan-activity;sid:84094883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.244.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231782/; classtype:trojan-activity;sid:84094882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231781/; classtype:trojan-activity;sid:84094881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.96.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231780/; classtype:trojan-activity;sid:84094880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.118.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231778/; classtype:trojan-activity;sid:84094878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.66.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231777/; classtype:trojan-activity;sid:84094877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231776/; classtype:trojan-activity;sid:84094876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.85.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231775/; classtype:trojan-activity;sid:84094875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.197.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231773/; classtype:trojan-activity;sid:84094873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.71.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231774/; classtype:trojan-activity;sid:84094874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.53.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231772/; classtype:trojan-activity;sid:84094872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.118.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231771/; classtype:trojan-activity;sid:84094871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.87.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231770/; classtype:trojan-activity;sid:84094870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.72.60.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231769/; classtype:trojan-activity;sid:84094869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.245.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231768/; classtype:trojan-activity;sid:84094868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.205.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231767/; classtype:trojan-activity;sid:84094867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.122.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231766/; classtype:trojan-activity;sid:84094866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231765/; classtype:trojan-activity;sid:84094865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.73.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231763/; classtype:trojan-activity;sid:84094863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.166.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231764/; classtype:trojan-activity;sid:84094864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231762/; classtype:trojan-activity;sid:84094862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.244.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231761/; classtype:trojan-activity;sid:84094861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.175.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231760/; classtype:trojan-activity;sid:84094860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.18.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231759/; classtype:trojan-activity;sid:84094859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.142.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231758/; classtype:trojan-activity;sid:84094858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.172.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231756/; classtype:trojan-activity;sid:84094856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.32.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231755/; classtype:trojan-activity;sid:84094855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.49.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231754/; classtype:trojan-activity;sid:84094854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231753/; classtype:trojan-activity;sid:84094853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.56.75.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231751/; classtype:trojan-activity;sid:84094851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.4.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231752/; classtype:trojan-activity;sid:84094852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.6.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231750/; classtype:trojan-activity;sid:84094850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.251.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231749/; classtype:trojan-activity;sid:84094849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.216.154.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231748/; classtype:trojan-activity;sid:84094848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.72.60.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231747/; classtype:trojan-activity;sid:84094847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.197.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231746/; classtype:trojan-activity;sid:84094846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbfi86"; depth:8; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231745/; classtype:trojan-activity;sid:84094845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.71.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231744/; classtype:trojan-activity;sid:84094844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.81.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231743/; classtype:trojan-activity;sid:84094843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.59.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231742/; classtype:trojan-activity;sid:84094842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.13.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231741/; classtype:trojan-activity;sid:84094841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.116.122.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231740/; classtype:trojan-activity;sid:84094840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.154.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231739/; classtype:trojan-activity;sid:84094839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.53.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231738/; classtype:trojan-activity;sid:84094838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.14.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231737/; classtype:trojan-activity;sid:84094837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.142.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231736/; classtype:trojan-activity;sid:84094836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.189.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231735/; classtype:trojan-activity;sid:84094835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.251.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231734/; classtype:trojan-activity;sid:84094834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231733/; classtype:trojan-activity;sid:84094833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.72.60.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231732/; classtype:trojan-activity;sid:84094832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.101.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231731/; classtype:trojan-activity;sid:84094831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231730/; classtype:trojan-activity;sid:84094830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.123.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231729/; classtype:trojan-activity;sid:84094829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.32.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231727/; classtype:trojan-activity;sid:84094827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231726/; classtype:trojan-activity;sid:84094826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231718/; classtype:trojan-activity;sid:84094818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231719/; classtype:trojan-activity;sid:84094819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231720/; classtype:trojan-activity;sid:84094820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231721/; classtype:trojan-activity;sid:84094821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231722/; classtype:trojan-activity;sid:84094822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231723/; classtype:trojan-activity;sid:84094823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231724/; classtype:trojan-activity;sid:84094824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"167.71.62.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231717/; classtype:trojan-activity;sid:84094817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.175.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231716/; classtype:trojan-activity;sid:84094816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.18.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231715/; classtype:trojan-activity;sid:84094815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.172.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231714/; classtype:trojan-activity;sid:84094814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.4.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231713/; classtype:trojan-activity;sid:84094813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.44.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231712/; classtype:trojan-activity;sid:84094812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.239.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231711/; classtype:trojan-activity;sid:84094811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.6.175"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231710/; classtype:trojan-activity;sid:84094810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.155.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231709/; classtype:trojan-activity;sid:84094809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.134.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231708/; classtype:trojan-activity;sid:84094808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.165.23.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231707/; classtype:trojan-activity;sid:84094807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.78.21.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231706/; classtype:trojan-activity;sid:84094806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231705/; classtype:trojan-activity;sid:84094805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.163.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231704/; classtype:trojan-activity;sid:84094804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.116.122.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231703/; classtype:trojan-activity;sid:84094803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.154.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231702/; classtype:trojan-activity;sid:84094802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.28.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231701/; classtype:trojan-activity;sid:84094801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.240.63.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231700/; classtype:trojan-activity;sid:84094800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.163.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231699/; classtype:trojan-activity;sid:84094799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.32.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231698/; classtype:trojan-activity;sid:84094798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231697/; classtype:trojan-activity;sid:84094797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.15.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231696/; classtype:trojan-activity;sid:84094796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.228.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231695/; classtype:trojan-activity;sid:84094795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.6.175"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231694/; classtype:trojan-activity;sid:84094794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.222.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231693/; classtype:trojan-activity;sid:84094793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231692/; classtype:trojan-activity;sid:84094792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.1.241"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231691/; classtype:trojan-activity;sid:84094791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.248.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231690/; classtype:trojan-activity;sid:84094790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.226.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231689/; classtype:trojan-activity;sid:84094789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.101.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231687/; classtype:trojan-activity;sid:84094787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231685/; classtype:trojan-activity;sid:84094785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231684/; classtype:trojan-activity;sid:84094784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.137.183.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231683/; classtype:trojan-activity;sid:84094783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.216.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231682/; classtype:trojan-activity;sid:84094782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.113.130.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231681/; classtype:trojan-activity;sid:84094781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231680/; classtype:trojan-activity;sid:84094780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.228.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231678/; classtype:trojan-activity;sid:84094778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.222.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231677/; classtype:trojan-activity;sid:84094777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.41.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231676/; classtype:trojan-activity;sid:84094776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.88.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231675/; classtype:trojan-activity;sid:84094775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.28.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231674/; classtype:trojan-activity;sid:84094774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.63.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231673/; classtype:trojan-activity;sid:84094773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.47.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231672/; classtype:trojan-activity;sid:84094772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.44.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231671/; classtype:trojan-activity;sid:84094771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.58.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231669/; classtype:trojan-activity;sid:84094769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.188.253.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231668/; classtype:trojan-activity;sid:84094768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"211.137.183.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231667/; classtype:trojan-activity;sid:84094767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.129.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231665/; classtype:trojan-activity;sid:84094765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.216.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231666/; classtype:trojan-activity;sid:84094766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.125.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231664/; classtype:trojan-activity;sid:84094764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.184.123.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231663/; classtype:trojan-activity;sid:84094763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.20.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231662/; classtype:trojan-activity;sid:84094762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.1.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231661/; classtype:trojan-activity;sid:84094761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.3.15.0"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231659/; classtype:trojan-activity;sid:84094759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.178.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231657/; classtype:trojan-activity;sid:84094757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.138.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231656/; classtype:trojan-activity;sid:84094756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.19.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231655/; classtype:trojan-activity;sid:84094755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.63.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231654/; classtype:trojan-activity;sid:84094754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.216.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231653/; classtype:trojan-activity;sid:84094753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.44.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231652/; classtype:trojan-activity;sid:84094752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.171.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231650/; classtype:trojan-activity;sid:84094750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231651/; classtype:trojan-activity;sid:84094751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.41.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231649/; classtype:trojan-activity;sid:84094749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.108.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231648/; classtype:trojan-activity;sid:84094748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.206.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231647/; classtype:trojan-activity;sid:84094747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.44.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231645/; classtype:trojan-activity;sid:84094745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231644/; classtype:trojan-activity;sid:84094744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231643/; classtype:trojan-activity;sid:84094743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.53.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231642/; classtype:trojan-activity;sid:84094742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.19.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231641/; classtype:trojan-activity;sid:84094741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.230.186.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231640/; classtype:trojan-activity;sid:84094740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.84.175.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231639/; classtype:trojan-activity;sid:84094739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.108.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231638/; classtype:trojan-activity;sid:84094738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.227.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231637/; classtype:trojan-activity;sid:84094737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.171.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231636/; classtype:trojan-activity;sid:84094736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.226.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231635/; classtype:trojan-activity;sid:84094735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.157.144.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231634/; classtype:trojan-activity;sid:84094734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.47.150.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231632/; classtype:trojan-activity;sid:84094732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231631/; classtype:trojan-activity;sid:84094731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.210.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231629/; classtype:trojan-activity;sid:84094729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.161.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231630/; classtype:trojan-activity;sid:84094730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/450/taskhostw.exe"; depth:18; endswith; nocase; http.host; content:"104.168.7.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231628/; classtype:trojan-activity;sid:84094728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/ew/wecreatednewthigsforsuccessfulljournecyr________verynicepeoplesetirethigstogoformegreat________________nnicwaytoentreithigntochangewithmegreat.doc"; depth:156; endswith; nocase; http.host; content:"104.168.7.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231627/; classtype:trojan-activity;sid:84094727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.123.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231625/; classtype:trojan-activity;sid:84094725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.100.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231624/; classtype:trojan-activity;sid:84094724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.161.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231623/; classtype:trojan-activity;sid:84094723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231622/; classtype:trojan-activity;sid:84094722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.30.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231621/; classtype:trojan-activity;sid:84094721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.16.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231620/; classtype:trojan-activity;sid:84094720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.249.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231619/; classtype:trojan-activity;sid:84094719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.117.252.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231618/; classtype:trojan-activity;sid:84094718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.50.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231617/; classtype:trojan-activity;sid:84094717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jk9kxqag165stbusn2xwqr52mdremauev8"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231614/; classtype:trojan-activity;sid:84094714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byyv5kgnhtrvsezncwmue3wylm6soxy3jh"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231607/; classtype:trojan-activity;sid:84094707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/utf7e3eqaj0fa5aiw8q3udojslbbizimvp"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231611/; classtype:trojan-activity;sid:84094711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.178.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231604/; classtype:trojan-activity;sid:84094704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.244.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231605/; classtype:trojan-activity;sid:84094705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.142.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231603/; classtype:trojan-activity;sid:84094703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.230.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231602/; classtype:trojan-activity;sid:84094702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231600/; classtype:trojan-activity;sid:84094700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231599/; classtype:trojan-activity;sid:84094699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231597/; classtype:trojan-activity;sid:84094697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231598/; classtype:trojan-activity;sid:84094698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231594/; classtype:trojan-activity;sid:84094694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/nss3.dll"; depth:26; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231595/; classtype:trojan-activity;sid:84094695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43eb2d9880da9a6/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"178.63.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231596/; classtype:trojan-activity;sid:84094696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.140.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231592/; classtype:trojan-activity;sid:84094692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231590/; classtype:trojan-activity;sid:84094690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231588/; classtype:trojan-activity;sid:84094688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231586/; classtype:trojan-activity;sid:84094686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231587/; classtype:trojan-activity;sid:84094687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231585/; classtype:trojan-activity;sid:84094685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231584/; classtype:trojan-activity;sid:84094684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231583/; classtype:trojan-activity;sid:84094683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231582/; classtype:trojan-activity;sid:84094682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231579/; classtype:trojan-activity;sid:84094679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231580/; classtype:trojan-activity;sid:84094680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"194.120.116.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231581/; classtype:trojan-activity;sid:84094681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uajdwhgfxuebpdzzmekewyrfjrrycxysuf"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231575/; classtype:trojan-activity;sid:84094675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gqovtsexomyg8waqytj5z1quhfc7kmmigi"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231577/; classtype:trojan-activity;sid:84094677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.199.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231571/; classtype:trojan-activity;sid:84094671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.163.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231572/; classtype:trojan-activity;sid:84094672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.16.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231573/; classtype:trojan-activity;sid:84094673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.188.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231569/; classtype:trojan-activity;sid:84094669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.10.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231570/; classtype:trojan-activity;sid:84094670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.124.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231568/; classtype:trojan-activity;sid:84094668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231567/; classtype:trojan-activity;sid:84094667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.50.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231566/; classtype:trojan-activity;sid:84094666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.244.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231565/; classtype:trojan-activity;sid:84094665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.65.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231564/; classtype:trojan-activity;sid:84094664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.178.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231563/; classtype:trojan-activity;sid:84094663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.250.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231562/; classtype:trojan-activity;sid:84094662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231560/; classtype:trojan-activity;sid:84094660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.194.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231561/; classtype:trojan-activity;sid:84094661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.159.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231558/; classtype:trojan-activity;sid:84094658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.182.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231557/; classtype:trojan-activity;sid:84094657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.210.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231556/; classtype:trojan-activity;sid:84094656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.64.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231555/; classtype:trojan-activity;sid:84094655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.204.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231554/; classtype:trojan-activity;sid:84094654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.6.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231552/; classtype:trojan-activity;sid:84094652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.122.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231551/; classtype:trojan-activity;sid:84094651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231550/; classtype:trojan-activity;sid:84094650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.242.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231548/; classtype:trojan-activity;sid:84094648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.9.251"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231547/; classtype:trojan-activity;sid:84094647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.181.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231546/; classtype:trojan-activity;sid:84094646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.167.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231543/; classtype:trojan-activity;sid:84094643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.200.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231544/; classtype:trojan-activity;sid:84094644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.247.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231541/; classtype:trojan-activity;sid:84094641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.247.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231540/; classtype:trojan-activity;sid:84094640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.159.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231539/; classtype:trojan-activity;sid:84094639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.232.193.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231538/; classtype:trojan-activity;sid:84094638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.6.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231537/; classtype:trojan-activity;sid:84094637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231536/; classtype:trojan-activity;sid:84094636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.202.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231535/; classtype:trojan-activity;sid:84094635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231534/; classtype:trojan-activity;sid:84094634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.182.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231532/; classtype:trojan-activity;sid:84094632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.220.90.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231531/; classtype:trojan-activity;sid:84094631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.200.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231530/; classtype:trojan-activity;sid:84094630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.28.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231529/; classtype:trojan-activity;sid:84094629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.17.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231527/; classtype:trojan-activity;sid:84094627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"154.216.17.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231528/; classtype:trojan-activity;sid:84094628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.17.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231524/; classtype:trojan-activity;sid:84094624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.mips"; depth:9; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231525/; classtype:trojan-activity;sid:84094625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.178.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231526/; classtype:trojan-activity;sid:84094626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.80.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231523/; classtype:trojan-activity;sid:84094623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.89.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231522/; classtype:trojan-activity;sid:84094622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"153.36.253.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231519/; classtype:trojan-activity;sid:84094619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.0.109.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231520/; classtype:trojan-activity;sid:84094620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.4.175.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231521/; classtype:trojan-activity;sid:84094621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231518/; classtype:trojan-activity;sid:84094618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.167.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231517/; classtype:trojan-activity;sid:84094617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.230.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231516/; classtype:trojan-activity;sid:84094616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.177.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231513/; classtype:trojan-activity;sid:84094613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.113.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231512/; classtype:trojan-activity;sid:84094612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.31.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231510/; classtype:trojan-activity;sid:84094610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231509/; classtype:trojan-activity;sid:84094609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.15.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231507/; classtype:trojan-activity;sid:84094607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.141.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231506/; classtype:trojan-activity;sid:84094606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.217.43.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231505/; classtype:trojan-activity;sid:84094605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.15.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231504/; classtype:trojan-activity;sid:84094604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.220.138.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231503/; classtype:trojan-activity;sid:84094603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.217.94.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231502/; classtype:trojan-activity;sid:84094602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.137.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231501/; classtype:trojan-activity;sid:84094601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.233.170.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231500/; classtype:trojan-activity;sid:84094600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231498/; classtype:trojan-activity;sid:84094598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.77.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231497/; classtype:trojan-activity;sid:84094597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231496/; classtype:trojan-activity;sid:84094596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231493/; classtype:trojan-activity;sid:84094593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.mpsl"; depth:9; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231494/; classtype:trojan-activity;sid:84094594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231495/; classtype:trojan-activity;sid:84094595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.mips"; depth:10; endswith; nocase; http.host; content:"190.123.46.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231490/; classtype:trojan-activity;sid:84094590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231491/; classtype:trojan-activity;sid:84094591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231492/; classtype:trojan-activity;sid:84094592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"89.190.156.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231488/; classtype:trojan-activity;sid:84094588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.mpsl"; depth:10; endswith; nocase; http.host; content:"190.123.46.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231489/; classtype:trojan-activity;sid:84094589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231487/; classtype:trojan-activity;sid:84094587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.153.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231483/; classtype:trojan-activity;sid:84094583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.176.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231482/; classtype:trojan-activity;sid:84094582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.109.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231481/; classtype:trojan-activity;sid:84094581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.21.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231480/; classtype:trojan-activity;sid:84094580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.136.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231478/; classtype:trojan-activity;sid:84094578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.141.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231477/; classtype:trojan-activity;sid:84094577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.137.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231475/; classtype:trojan-activity;sid:84094575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.182.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231474/; classtype:trojan-activity;sid:84094574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.233.170.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231473/; classtype:trojan-activity;sid:84094573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.0.205"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231467/; classtype:trojan-activity;sid:84094567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.124.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231466/; classtype:trojan-activity;sid:84094566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.65.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231464/; classtype:trojan-activity;sid:84094564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.109.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231465/; classtype:trojan-activity;sid:84094565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.24.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231463/; classtype:trojan-activity;sid:84094563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.182.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231462/; classtype:trojan-activity;sid:84094562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.78.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231461/; classtype:trojan-activity;sid:84094561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.19.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231460/; classtype:trojan-activity;sid:84094560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.113.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231457/; classtype:trojan-activity;sid:84094557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.65.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231456/; classtype:trojan-activity;sid:84094556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.8.50"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231455/; classtype:trojan-activity;sid:84094555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231453/; classtype:trojan-activity;sid:84094553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.198.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231447/; classtype:trojan-activity;sid:84094547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.198.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231448/; classtype:trojan-activity;sid:84094548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.15.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231445/; classtype:trojan-activity;sid:84094545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.30.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231442/; classtype:trojan-activity;sid:84094542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.46.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231441/; classtype:trojan-activity;sid:84094541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.200.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231440/; classtype:trojan-activity;sid:84094540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.41.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231438/; classtype:trojan-activity;sid:84094538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.113.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231437/; classtype:trojan-activity;sid:84094537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.8.50"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231436/; classtype:trojan-activity;sid:84094536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.176.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231435/; classtype:trojan-activity;sid:84094535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.53.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231433/; classtype:trojan-activity;sid:84094533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.46.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231431/; classtype:trojan-activity;sid:84094531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.232.207.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231430/; classtype:trojan-activity;sid:84094530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.24.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231429/; classtype:trojan-activity;sid:84094529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.241.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231428/; classtype:trojan-activity;sid:84094528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.122.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231426/; classtype:trojan-activity;sid:84094526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.53.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231425/; classtype:trojan-activity;sid:84094525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.152.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231424/; classtype:trojan-activity;sid:84094524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.94.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231423/; classtype:trojan-activity;sid:84094523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.40.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231422/; classtype:trojan-activity;sid:84094522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.137.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231421/; classtype:trojan-activity;sid:84094521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.122.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231420/; classtype:trojan-activity;sid:84094520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/4.exe"; depth:12; endswith; nocase; http.host; content:"103.130.147.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231419/; classtype:trojan-activity;sid:84094519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.252.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231416/; classtype:trojan-activity;sid:84094516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.126.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231415/; classtype:trojan-activity;sid:84094515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231413/; classtype:trojan-activity;sid:84094513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.24.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231410/; classtype:trojan-activity;sid:84094510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.152.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231411/; classtype:trojan-activity;sid:84094511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.118.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231408/; classtype:trojan-activity;sid:84094508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.112.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231405/; classtype:trojan-activity;sid:84094505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.78.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231404/; classtype:trojan-activity;sid:84094504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.9.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231403/; classtype:trojan-activity;sid:84094503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231402/; classtype:trojan-activity;sid:84094502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.120.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231401/; classtype:trojan-activity;sid:84094501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.62.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231400/; classtype:trojan-activity;sid:84094500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.180.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231399/; classtype:trojan-activity;sid:84094499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.163.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231398/; classtype:trojan-activity;sid:84094498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231397/; classtype:trojan-activity;sid:84094497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231396/; classtype:trojan-activity;sid:84094496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.183.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231395/; classtype:trojan-activity;sid:84094495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.198.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231394/; classtype:trojan-activity;sid:84094494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.215.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231393/; classtype:trojan-activity;sid:84094493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.135.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231392/; classtype:trojan-activity;sid:84094492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.75.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231390/; classtype:trojan-activity;sid:84094490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.246.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231389/; classtype:trojan-activity;sid:84094489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.96.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231387/; classtype:trojan-activity;sid:84094487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.98.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231385/; classtype:trojan-activity;sid:84094485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.46.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231382/; classtype:trojan-activity;sid:84094482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.2.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231380/; classtype:trojan-activity;sid:84094480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.80.18.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231377/; classtype:trojan-activity;sid:84094477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.163.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231376/; classtype:trojan-activity;sid:84094476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"149.255.15.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231375/; classtype:trojan-activity;sid:84094475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.135.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231374/; classtype:trojan-activity;sid:84094474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.215.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231372/; classtype:trojan-activity;sid:84094472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.70.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231371/; classtype:trojan-activity;sid:84094471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.186.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231370/; classtype:trojan-activity;sid:84094470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.236.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231369/; classtype:trojan-activity;sid:84094469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.244.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231367/; classtype:trojan-activity;sid:84094467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.10.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231368/; classtype:trojan-activity;sid:84094468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.87.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231364/; classtype:trojan-activity;sid:84094464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.50.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231363/; classtype:trojan-activity;sid:84094463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.171.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231361/; classtype:trojan-activity;sid:84094461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.31.230.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231362/; classtype:trojan-activity;sid:84094462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.128.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231360/; classtype:trojan-activity;sid:84094460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.16.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231359/; classtype:trojan-activity;sid:84094459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.2.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231351/; classtype:trojan-activity;sid:84094451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.19.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231348/; classtype:trojan-activity;sid:84094448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.98.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231345/; classtype:trojan-activity;sid:84094445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.22.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231342/; classtype:trojan-activity;sid:84094442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.70.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231341/; classtype:trojan-activity;sid:84094441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.246.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231340/; classtype:trojan-activity;sid:84094440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.205.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231339/; classtype:trojan-activity;sid:84094439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.34.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231337/; classtype:trojan-activity;sid:84094437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.244.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231334/; classtype:trojan-activity;sid:84094434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.236.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231333/; classtype:trojan-activity;sid:84094433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231331/; classtype:trojan-activity;sid:84094431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.12.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231329/; classtype:trojan-activity;sid:84094429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.117.244.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231328/; classtype:trojan-activity;sid:84094428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.254.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231327/; classtype:trojan-activity;sid:84094427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231325/; classtype:trojan-activity;sid:84094425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.56.75.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231324/; classtype:trojan-activity;sid:84094424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.238.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231323/; classtype:trojan-activity;sid:84094423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231321/; classtype:trojan-activity;sid:84094421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.122.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231322/; classtype:trojan-activity;sid:84094422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.23.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231320/; classtype:trojan-activity;sid:84094420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.130.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231319/; classtype:trojan-activity;sid:84094419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.54.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231318/; classtype:trojan-activity;sid:84094418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.13.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231316/; classtype:trojan-activity;sid:84094416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231315/; classtype:trojan-activity;sid:84094415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.34.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231311/; classtype:trojan-activity;sid:84094411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.59.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231310/; classtype:trojan-activity;sid:84094410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.6.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231308/; classtype:trojan-activity;sid:84094408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.12.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231306/; classtype:trojan-activity;sid:84094406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231305/; classtype:trojan-activity;sid:84094405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.122.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231304/; classtype:trojan-activity;sid:84094404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.134.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231303/; classtype:trojan-activity;sid:84094403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.117.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231298/; classtype:trojan-activity;sid:84094398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.130.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231297/; classtype:trojan-activity;sid:84094397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.0.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231293/; classtype:trojan-activity;sid:84094393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231292/; classtype:trojan-activity;sid:84094392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.101.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231290/; classtype:trojan-activity;sid:84094390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231289/; classtype:trojan-activity;sid:84094389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.117.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231288/; classtype:trojan-activity;sid:84094388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231287/; classtype:trojan-activity;sid:84094387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.48.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231283/; classtype:trojan-activity;sid:84094383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.97.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231282/; classtype:trojan-activity;sid:84094382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.10.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231280/; classtype:trojan-activity;sid:84094380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.2.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231279/; classtype:trojan-activity;sid:84094379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.237.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231278/; classtype:trojan-activity;sid:84094378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.117.244.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231276/; classtype:trojan-activity;sid:84094376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.17.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231275/; classtype:trojan-activity;sid:84094375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.154.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231272/; classtype:trojan-activity;sid:84094372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.178.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231273/; classtype:trojan-activity;sid:84094373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.97.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231271/; classtype:trojan-activity;sid:84094371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.152.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231270/; classtype:trojan-activity;sid:84094370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.35.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231269/; classtype:trojan-activity;sid:84094369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231267/; classtype:trojan-activity;sid:84094367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.194.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231266/; classtype:trojan-activity;sid:84094366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231265/; classtype:trojan-activity;sid:84094365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.210.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231264/; classtype:trojan-activity;sid:84094364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231263/; classtype:trojan-activity;sid:84094363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.15.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231259/; classtype:trojan-activity;sid:84094359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.195.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231258/; classtype:trojan-activity;sid:84094358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.177.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231257/; classtype:trojan-activity;sid:84094357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.144.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231256/; classtype:trojan-activity;sid:84094356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.217.95.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231255/; classtype:trojan-activity;sid:84094355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.153.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231254/; classtype:trojan-activity;sid:84094354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.178.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231253/; classtype:trojan-activity;sid:84094353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.103.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231252/; classtype:trojan-activity;sid:84094352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.93.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231249/; classtype:trojan-activity;sid:84094349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.33.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231248/; classtype:trojan-activity;sid:84094348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231242/; classtype:trojan-activity;sid:84094342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.85.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231241/; classtype:trojan-activity;sid:84094341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.209.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231239/; classtype:trojan-activity;sid:84094339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231238/; classtype:trojan-activity;sid:84094338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.180.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231237/; classtype:trojan-activity;sid:84094337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.195.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231236/; classtype:trojan-activity;sid:84094336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.21.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231235/; classtype:trojan-activity;sid:84094335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.148.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231233/; classtype:trojan-activity;sid:84094333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.83.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231231/; classtype:trojan-activity;sid:84094331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.45.56.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231229/; classtype:trojan-activity;sid:84094329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.25.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231228/; classtype:trojan-activity;sid:84094328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.144.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231227/; classtype:trojan-activity;sid:84094327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.95.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231225/; classtype:trojan-activity;sid:84094325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptersandtoolsoficial/zip/refs/heads/main/detahnote_j.jpg"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231223/; classtype:trojan-activity;sid:84094323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.227.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231222/; classtype:trojan-activity;sid:84094322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.35.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231220/; classtype:trojan-activity;sid:84094320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.115.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231217/; classtype:trojan-activity;sid:84094317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.85.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231215/; classtype:trojan-activity;sid:84094315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.32.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231214/; classtype:trojan-activity;sid:84094314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.91.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231213/; classtype:trojan-activity;sid:84094313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.230.38.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231212/; classtype:trojan-activity;sid:84094312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.31.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231210/; classtype:trojan-activity;sid:84094310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.21.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231207/; classtype:trojan-activity;sid:84094307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.209.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231205/; classtype:trojan-activity;sid:84094305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.148.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231202/; classtype:trojan-activity;sid:84094302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.176.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231185/; classtype:trojan-activity;sid:84094285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.228.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231184/; classtype:trojan-activity;sid:84094284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231181/; classtype:trojan-activity;sid:84094281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231182/; classtype:trojan-activity;sid:84094282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231183/; classtype:trojan-activity;sid:84094283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231177/; classtype:trojan-activity;sid:84094277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i486"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231178/; classtype:trojan-activity;sid:84094278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231179/; classtype:trojan-activity;sid:84094279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231172/; classtype:trojan-activity;sid:84094272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231173/; classtype:trojan-activity;sid:84094273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231174/; classtype:trojan-activity;sid:84094274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231175/; classtype:trojan-activity;sid:84094275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231176/; classtype:trojan-activity;sid:84094276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231167/; classtype:trojan-activity;sid:84094267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231168/; classtype:trojan-activity;sid:84094268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231169/; classtype:trojan-activity;sid:84094269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231170/; classtype:trojan-activity;sid:84094270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"93.123.109.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231171/; classtype:trojan-activity;sid:84094271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.32.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231165/; classtype:trojan-activity;sid:84094265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snype.arm6"; depth:11; endswith; nocase; http.host; content:"45.95.169.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231166/; classtype:trojan-activity;sid:84094266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.39.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231163/; classtype:trojan-activity;sid:84094263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.230.38.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231160/; classtype:trojan-activity;sid:84094260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.218.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231159/; classtype:trojan-activity;sid:84094259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.195.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231158/; classtype:trojan-activity;sid:84094258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.54.231.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231155/; classtype:trojan-activity;sid:84094255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.37.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231153/; classtype:trojan-activity;sid:84094253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231149/; classtype:trojan-activity;sid:84094249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.188.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231143/; classtype:trojan-activity;sid:84094243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.244.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231142/; classtype:trojan-activity;sid:84094242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.196.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231140/; classtype:trojan-activity;sid:84094240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.95.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231141/; classtype:trojan-activity;sid:84094241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.209.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231139/; classtype:trojan-activity;sid:84094239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.155.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231132/; classtype:trojan-activity;sid:84094232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.117.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231127/; classtype:trojan-activity;sid:84094227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.218.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231126/; classtype:trojan-activity;sid:84094226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.153.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231125/; classtype:trojan-activity;sid:84094225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.101.80.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231124/; classtype:trojan-activity;sid:84094224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.107.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231120/; classtype:trojan-activity;sid:84094220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.13.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231116/; classtype:trojan-activity;sid:84094216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.182.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231114/; classtype:trojan-activity;sid:84094214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.39.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231113/; classtype:trojan-activity;sid:84094213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/player/6709826e9ef52_win.exe"; depth:29; endswith; nocase; http.host; content:"sftp.wddidgo.site"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231112/; classtype:trojan-activity;sid:84094212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.225.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231109/; classtype:trojan-activity;sid:84094209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrp.exe"; depth:9; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231110/; classtype:trojan-activity;sid:84094210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.208.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231106/; classtype:trojan-activity;sid:84094206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.127.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231104/; classtype:trojan-activity;sid:84094204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.72.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231102/; classtype:trojan-activity;sid:84094202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.208.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231100/; classtype:trojan-activity;sid:84094200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.164.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231099/; classtype:trojan-activity;sid:84094199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.117.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231094/; classtype:trojan-activity;sid:84094194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.43.160.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231093/; classtype:trojan-activity;sid:84094193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.230.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231090/; classtype:trojan-activity;sid:84094190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.162.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231089/; classtype:trojan-activity;sid:84094189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.141.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231088/; classtype:trojan-activity;sid:84094188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.101.80.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231086/; classtype:trojan-activity;sid:84094186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.249.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231087/; classtype:trojan-activity;sid:84094187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.182.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231085/; classtype:trojan-activity;sid:84094185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231083/; classtype:trojan-activity;sid:84094183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.168.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231082/; classtype:trojan-activity;sid:84094182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.225.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231080/; classtype:trojan-activity;sid:84094180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231078/; classtype:trojan-activity;sid:84094178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.156.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231075/; classtype:trojan-activity;sid:84094175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.80.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231073/; classtype:trojan-activity;sid:84094173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.53.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231074/; classtype:trojan-activity;sid:84094174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231071/; classtype:trojan-activity;sid:84094171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.87.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231070/; classtype:trojan-activity;sid:84094170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.176.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231067/; classtype:trojan-activity;sid:84094167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/67065b4c84713_javiles.exe"; depth:30; endswith; nocase; http.host; content:"app.rtpdgox.info"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231063/; classtype:trojan-activity;sid:84094163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.151.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231061/; classtype:trojan-activity;sid:84094161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.162.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231059/; classtype:trojan-activity;sid:84094159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/0a839761915d.exe"; depth:21; endswith; nocase; http.host; content:"app.rtpdgox.info"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231057/; classtype:trojan-activity;sid:84094157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/player/670937a58778f_lisiofirendes.exe"; depth:39; endswith; nocase; http.host; content:"web.johnmccrea.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231058/; classtype:trojan-activity;sid:84094158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.156.143.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231053/; classtype:trojan-activity;sid:84094153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.141.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231054/; classtype:trojan-activity;sid:84094154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/67065a0933c9e_uuesupdater.exe"; depth:34; endswith; nocase; http.host; content:"proxy.siteterbaru.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231055/; classtype:trojan-activity;sid:84094155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dist/67081de6be937_particlerops.exe"; depth:36; endswith; nocase; http.host; content:"cache.ussc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231056/; classtype:trojan-activity;sid:84094156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231050/; classtype:trojan-activity;sid:84094150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.218.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231049/; classtype:trojan-activity;sid:84094149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.3.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231045/; classtype:trojan-activity;sid:84094145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231044/; classtype:trojan-activity;sid:84094144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.208.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231043/; classtype:trojan-activity;sid:84094143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.91.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231040/; classtype:trojan-activity;sid:84094140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.151.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231041/; classtype:trojan-activity;sid:84094141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.17.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231039/; classtype:trojan-activity;sid:84094139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.151.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231038/; classtype:trojan-activity;sid:84094138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.56.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231037/; classtype:trojan-activity;sid:84094137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.20.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231032/; classtype:trojan-activity;sid:84094132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231030/; classtype:trojan-activity;sid:84094130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.65.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231023/; classtype:trojan-activity;sid:84094123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.251.20.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231024/; classtype:trojan-activity;sid:84094124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231020/; classtype:trojan-activity;sid:84094120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.122.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231019/; classtype:trojan-activity;sid:84094119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.57.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231015/; classtype:trojan-activity;sid:84094115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.210.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231013/; classtype:trojan-activity;sid:84094113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.56.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231012/; classtype:trojan-activity;sid:84094112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/67065b4c84713_javiles.exe"; depth:30; endswith; nocase; http.host; content:"cache.ussc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231011/; classtype:trojan-activity;sid:84094111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.220.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231009/; classtype:trojan-activity;sid:84094109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.11.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231008/; classtype:trojan-activity;sid:84094108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.175.52.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231006/; classtype:trojan-activity;sid:84094106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/67065a0933c9e_uuesupdater.exe"; depth:34; endswith; nocase; http.host; content:"app.rtpdgox.info"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231003/; classtype:trojan-activity;sid:84094103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.113.206.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231004/; classtype:trojan-activity;sid:84094104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.220.68.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231005/; classtype:trojan-activity;sid:84094105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231001/; classtype:trojan-activity;sid:84094101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.249.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230999/; classtype:trojan-activity;sid:84094099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.115.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231000/; classtype:trojan-activity;sid:84094100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230997/; classtype:trojan-activity;sid:84094097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/ettb15lcedjyw3r.exe"; depth:24; endswith; nocase; http.host; content:"154.216.19.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230998/; classtype:trojan-activity;sid:84094098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/67065b4c84713_javiles.exe"; depth:30; endswith; nocase; http.host; content:"web.johnmccrea.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230995/; classtype:trojan-activity;sid:84094095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/67065227a0640_rrrrrrrr.exe"; depth:37; endswith; nocase; http.host; content:"app.cumpar-auto-orice-tip.ro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230996/; classtype:trojan-activity;sid:84094096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.169.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230994/; classtype:trojan-activity;sid:84094094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.251.20.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230993/; classtype:trojan-activity;sid:84094093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.64.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230992/; classtype:trojan-activity;sid:84094092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.244.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230990/; classtype:trojan-activity;sid:84094090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.20.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230987/; classtype:trojan-activity;sid:84094087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.57.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230982/; classtype:trojan-activity;sid:84094082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.182.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230981/; classtype:trojan-activity;sid:84094081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.116.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230977/; classtype:trojan-activity;sid:84094077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.11.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230975/; classtype:trojan-activity;sid:84094075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230973/; classtype:trojan-activity;sid:84094073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.209.77.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230971/; classtype:trojan-activity;sid:84094071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.113.206.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230969/; classtype:trojan-activity;sid:84094069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230968/; classtype:trojan-activity;sid:84094068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.113.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230967/; classtype:trojan-activity;sid:84094067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.123.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230965/; classtype:trojan-activity;sid:84094065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.101.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230962/; classtype:trojan-activity;sid:84094062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.64.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230960/; classtype:trojan-activity;sid:84094060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.82.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230958/; classtype:trojan-activity;sid:84094058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.161.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230957/; classtype:trojan-activity;sid:84094057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230956/; classtype:trojan-activity;sid:84094056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.116.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230954/; classtype:trojan-activity;sid:84094054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230952/; classtype:trojan-activity;sid:84094052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.152.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230951/; classtype:trojan-activity;sid:84094051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230948/; classtype:trojan-activity;sid:84094048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.131.69.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230946/; classtype:trojan-activity;sid:84094046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.11.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230944/; classtype:trojan-activity;sid:84094044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.82.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230945/; classtype:trojan-activity;sid:84094045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.148.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230943/; classtype:trojan-activity;sid:84094043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.73.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230938/; classtype:trojan-activity;sid:84094038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.209.77.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230937/; classtype:trojan-activity;sid:84094037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.62.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230936/; classtype:trojan-activity;sid:84094036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.113.206.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230934/; classtype:trojan-activity;sid:84094034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230933/; classtype:trojan-activity;sid:84094033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.148.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230931/; classtype:trojan-activity;sid:84094031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230925/; classtype:trojan-activity;sid:84094025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.188.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230924/; classtype:trojan-activity;sid:84094024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.113.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230922/; classtype:trojan-activity;sid:84094022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.163.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230920/; classtype:trojan-activity;sid:84094020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.94.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230915/; classtype:trojan-activity;sid:84094015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.87.190.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230913/; classtype:trojan-activity;sid:84094013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.60.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230912/; classtype:trojan-activity;sid:84094012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.62.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230911/; classtype:trojan-activity;sid:84094011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230910/; classtype:trojan-activity;sid:84094010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230908/; classtype:trojan-activity;sid:84094008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.238.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230906/; classtype:trojan-activity;sid:84094006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.188.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230905/; classtype:trojan-activity;sid:84094005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230900/; classtype:trojan-activity;sid:84094000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.91.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230897/; classtype:trojan-activity;sid:84093997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.151.75.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230898/; classtype:trojan-activity;sid:84093998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.135.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230899/; classtype:trojan-activity;sid:84093999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.71.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230893/; classtype:trojan-activity;sid:84093993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.10.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230889/; classtype:trojan-activity;sid:84093989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.243.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230890/; classtype:trojan-activity;sid:84093990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.190.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230888/; classtype:trojan-activity;sid:84093988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.190.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230885/; classtype:trojan-activity;sid:84093985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.240.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230881/; classtype:trojan-activity;sid:84093981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"87.239.243.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230877/; classtype:trojan-activity;sid:84093977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.71.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230865/; classtype:trojan-activity;sid:84093965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.111.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230860/; classtype:trojan-activity;sid:84093960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.244.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230861/; classtype:trojan-activity;sid:84093961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.59.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230859/; classtype:trojan-activity;sid:84093959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.240.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230854/; classtype:trojan-activity;sid:84093954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.65.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230849/; classtype:trojan-activity;sid:84093949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"153.36.253.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230850/; classtype:trojan-activity;sid:84093950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.3.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230844/; classtype:trojan-activity;sid:84093944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.84.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230837/; classtype:trojan-activity;sid:84093937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.130.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230836/; classtype:trojan-activity;sid:84093936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.34.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230835/; classtype:trojan-activity;sid:84093935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.186.202.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230831/; classtype:trojan-activity;sid:84093931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.93.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230830/; classtype:trojan-activity;sid:84093930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.80.18.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230828/; classtype:trojan-activity;sid:84093928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.54.231.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230827/; classtype:trojan-activity;sid:84093927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.11.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230820/; classtype:trojan-activity;sid:84093920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.3.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230818/; classtype:trojan-activity;sid:84093918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.149.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230817/; classtype:trojan-activity;sid:84093917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.107.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230815/; classtype:trojan-activity;sid:84093915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230813/; classtype:trojan-activity;sid:84093913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230812/; classtype:trojan-activity;sid:84093912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.130.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230810/; classtype:trojan-activity;sid:84093910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.33.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230798/; classtype:trojan-activity;sid:84093898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.182.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230792/; classtype:trojan-activity;sid:84093892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.186.202.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230788/; classtype:trojan-activity;sid:84093888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.248.121.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230779/; classtype:trojan-activity;sid:84093879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.31.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230777/; classtype:trojan-activity;sid:84093877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.107.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230776/; classtype:trojan-activity;sid:84093876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.215.87.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230774/; classtype:trojan-activity;sid:84093874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.11.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230773/; classtype:trojan-activity;sid:84093873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.69.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230771/; classtype:trojan-activity;sid:84093871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.199.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230770/; classtype:trojan-activity;sid:84093870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.149.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230769/; classtype:trojan-activity;sid:84093869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.194.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230764/; classtype:trojan-activity;sid:84093864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.22.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230763/; classtype:trojan-activity;sid:84093863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.148.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230760/; classtype:trojan-activity;sid:84093860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.163.249.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230758/; classtype:trojan-activity;sid:84093858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.208.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230756/; classtype:trojan-activity;sid:84093856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.75.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230755/; classtype:trojan-activity;sid:84093855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230754/; classtype:trojan-activity;sid:84093854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.161.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230753/; classtype:trojan-activity;sid:84093853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230751/; classtype:trojan-activity;sid:84093851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.26.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230750/; classtype:trojan-activity;sid:84093850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.43.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230746/; classtype:trojan-activity;sid:84093846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.84.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230741/; classtype:trojan-activity;sid:84093841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.95.24.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230740/; classtype:trojan-activity;sid:84093840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.185.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230738/; classtype:trojan-activity;sid:84093838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.75.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230735/; classtype:trojan-activity;sid:84093835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.218.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230732/; classtype:trojan-activity;sid:84093832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230730/; classtype:trojan-activity;sid:84093830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.110.23.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230726/; classtype:trojan-activity;sid:84093826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.194.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230725/; classtype:trojan-activity;sid:84093825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.94.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3230724/; classtype:trojan-activity;sid:84093824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.40.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230722/; classtype:trojan-activity;sid:84093822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.24.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230721/; classtype:trojan-activity;sid:84093821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.52.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230720/; classtype:trojan-activity;sid:84093820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.153.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230719/; classtype:trojan-activity;sid:84093819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230718/; classtype:trojan-activity;sid:84093818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.57.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230717/; classtype:trojan-activity;sid:84093817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.6.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230716/; classtype:trojan-activity;sid:84093816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.29.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230715/; classtype:trojan-activity;sid:84093815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.181.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230714/; classtype:trojan-activity;sid:84093814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.130.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230713/; classtype:trojan-activity;sid:84093813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.129.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230712/; classtype:trojan-activity;sid:84093812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.99.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230711/; classtype:trojan-activity;sid:84093811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.213.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230710/; classtype:trojan-activity;sid:84093810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.51.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230709/; classtype:trojan-activity;sid:84093809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.184.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230708/; classtype:trojan-activity;sid:84093808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230707/; classtype:trojan-activity;sid:84093807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.84.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230706/; classtype:trojan-activity;sid:84093806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230705/; classtype:trojan-activity;sid:84093805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drhbntdenedrhn/2.jpg"; depth:21; endswith; nocase; http.host; content:"odoo.kseibitools.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230704/; classtype:trojan-activity;sid:84093804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drhbntdenedrhn/rainbow.jpg"; depth:27; endswith; nocase; http.host; content:"odoo.kseibitools.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230703/; classtype:trojan-activity;sid:84093803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230702/; classtype:trojan-activity;sid:84093802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230701/; classtype:trojan-activity;sid:84093801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230696/; classtype:trojan-activity;sid:84093796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230697/; classtype:trojan-activity;sid:84093797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230698/; classtype:trojan-activity;sid:84093798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230699/; classtype:trojan-activity;sid:84093799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b112953a9d0b6fc2/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.91.200.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230700/; classtype:trojan-activity;sid:84093800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.232.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230695/; classtype:trojan-activity;sid:84093795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230694/; classtype:trojan-activity;sid:84093794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.168.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230693/; classtype:trojan-activity;sid:84093793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.126.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230692/; classtype:trojan-activity;sid:84093792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.77.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230691/; classtype:trojan-activity;sid:84093791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.171.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230690/; classtype:trojan-activity;sid:84093790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.57.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230688/; classtype:trojan-activity;sid:84093788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.153.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230689/; classtype:trojan-activity;sid:84093789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.207.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230687/; classtype:trojan-activity;sid:84093787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.144.157.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230686/; classtype:trojan-activity;sid:84093786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.38.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230685/; classtype:trojan-activity;sid:84093785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.61.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230684/; classtype:trojan-activity;sid:84093784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.27.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230683/; classtype:trojan-activity;sid:84093783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.181.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230682/; classtype:trojan-activity;sid:84093782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.176.7.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230681/; classtype:trojan-activity;sid:84093781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.66.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230680/; classtype:trojan-activity;sid:84093780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.182.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230679/; classtype:trojan-activity;sid:84093779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.188.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230678/; classtype:trojan-activity;sid:84093778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.130.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230677/; classtype:trojan-activity;sid:84093777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.30.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230676/; classtype:trojan-activity;sid:84093776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.99.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230674/; classtype:trojan-activity;sid:84093774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.213.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230675/; classtype:trojan-activity;sid:84093775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.240.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230673/; classtype:trojan-activity;sid:84093773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.107.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230672/; classtype:trojan-activity;sid:84093772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.26.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230671/; classtype:trojan-activity;sid:84093771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.202.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230670/; classtype:trojan-activity;sid:84093770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230669/; classtype:trojan-activity;sid:84093769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.176.7.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230668/; classtype:trojan-activity;sid:84093768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.211.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230667/; classtype:trojan-activity;sid:84093767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.1.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230666/; classtype:trojan-activity;sid:84093766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.246.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230665/; classtype:trojan-activity;sid:84093765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.9.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230663/; classtype:trojan-activity;sid:84093763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.168.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230664/; classtype:trojan-activity;sid:84093764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.144.157.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230662/; classtype:trojan-activity;sid:84093762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.193.204.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230661/; classtype:trojan-activity;sid:84093761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.118.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230660/; classtype:trojan-activity;sid:84093760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.38.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230659/; classtype:trojan-activity;sid:84093759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.3.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230658/; classtype:trojan-activity;sid:84093758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.27.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230657/; classtype:trojan-activity;sid:84093757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.12.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230656/; classtype:trojan-activity;sid:84093756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.129.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230655/; classtype:trojan-activity;sid:84093755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.9.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230654/; classtype:trojan-activity;sid:84093754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.247.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230653/; classtype:trojan-activity;sid:84093753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.19.218.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230652/; classtype:trojan-activity;sid:84093752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.216.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230651/; classtype:trojan-activity;sid:84093751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.95.24.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230650/; classtype:trojan-activity;sid:84093750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.101.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230649/; classtype:trojan-activity;sid:84093749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.246.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230648/; classtype:trojan-activity;sid:84093748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230647/; classtype:trojan-activity;sid:84093747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.119.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230646/; classtype:trojan-activity;sid:84093746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.202.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230645/; classtype:trojan-activity;sid:84093745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.61.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230644/; classtype:trojan-activity;sid:84093744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.211.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230643/; classtype:trojan-activity;sid:84093743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.247.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230642/; classtype:trojan-activity;sid:84093742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.193.204.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230641/; classtype:trojan-activity;sid:84093741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.242.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230640/; classtype:trojan-activity;sid:84093740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230639/; classtype:trojan-activity;sid:84093739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.225.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230637/; classtype:trojan-activity;sid:84093737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.5.143.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230638/; classtype:trojan-activity;sid:84093738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.50.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230636/; classtype:trojan-activity;sid:84093736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.168.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230635/; classtype:trojan-activity;sid:84093735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.129.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230634/; classtype:trojan-activity;sid:84093734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.160.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230633/; classtype:trojan-activity;sid:84093733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230632/; classtype:trojan-activity;sid:84093732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.64.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230631/; classtype:trojan-activity;sid:84093731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.120.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230630/; classtype:trojan-activity;sid:84093730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.5.143.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230629/; classtype:trojan-activity;sid:84093729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.175.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230628/; classtype:trojan-activity;sid:84093728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230627/; classtype:trojan-activity;sid:84093727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.95.27.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230626/; classtype:trojan-activity;sid:84093726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230625/; classtype:trojan-activity;sid:84093725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.151.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230624/; classtype:trojan-activity;sid:84093724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.242.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230623/; classtype:trojan-activity;sid:84093723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.4.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230622/; classtype:trojan-activity;sid:84093722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.100.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230621/; classtype:trojan-activity;sid:84093721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230620/; classtype:trojan-activity;sid:84093720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230619/; classtype:trojan-activity;sid:84093719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.225.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230618/; classtype:trojan-activity;sid:84093718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.122.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230617/; classtype:trojan-activity;sid:84093717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.97.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230616/; classtype:trojan-activity;sid:84093716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.232.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230615/; classtype:trojan-activity;sid:84093715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.95.27.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230614/; classtype:trojan-activity;sid:84093714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.92.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230613/; classtype:trojan-activity;sid:84093713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.65.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230612/; classtype:trojan-activity;sid:84093712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.18.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230611/; classtype:trojan-activity;sid:84093711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.75.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230610/; classtype:trojan-activity;sid:84093710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.230.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230609/; classtype:trojan-activity;sid:84093709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.189.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230608/; classtype:trojan-activity;sid:84093708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.210.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230607/; classtype:trojan-activity;sid:84093707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.177.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230606/; classtype:trojan-activity;sid:84093706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.196.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230605/; classtype:trojan-activity;sid:84093705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.15.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230604/; classtype:trojan-activity;sid:84093704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.183.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230603/; classtype:trojan-activity;sid:84093703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230602/; classtype:trojan-activity;sid:84093702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.88.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230601/; classtype:trojan-activity;sid:84093701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.187.83.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230600/; classtype:trojan-activity;sid:84093700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.48.28.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230599/; classtype:trojan-activity;sid:84093699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.17.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230598/; classtype:trojan-activity;sid:84093698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.121.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230597/; classtype:trojan-activity;sid:84093697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.67.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230596/; classtype:trojan-activity;sid:84093696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.124.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230595/; classtype:trojan-activity;sid:84093695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230594/; classtype:trojan-activity;sid:84093694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.21.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230593/; classtype:trojan-activity;sid:84093693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.199.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230592/; classtype:trojan-activity;sid:84093692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.128.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230591/; classtype:trojan-activity;sid:84093691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.172.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230590/; classtype:trojan-activity;sid:84093690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.18.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230588/; classtype:trojan-activity;sid:84093688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.82.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230589/; classtype:trojan-activity;sid:84093689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.226.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230587/; classtype:trojan-activity;sid:84093687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.189.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230586/; classtype:trojan-activity;sid:84093686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.199.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230585/; classtype:trojan-activity;sid:84093685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.215.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230584/; classtype:trojan-activity;sid:84093684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.210.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230583/; classtype:trojan-activity;sid:84093683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.110.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230581/; classtype:trojan-activity;sid:84093681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.97.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230582/; classtype:trojan-activity;sid:84093682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.46.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230580/; classtype:trojan-activity;sid:84093680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.53.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230579/; classtype:trojan-activity;sid:84093679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230578/; classtype:trojan-activity;sid:84093678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.152.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230577/; classtype:trojan-activity;sid:84093677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.37.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230576/; classtype:trojan-activity;sid:84093676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.196.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230575/; classtype:trojan-activity;sid:84093675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230574/; classtype:trojan-activity;sid:84093674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.88.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230573/; classtype:trojan-activity;sid:84093673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230572/; classtype:trojan-activity;sid:84093672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.40.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230571/; classtype:trojan-activity;sid:84093671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230570/; classtype:trojan-activity;sid:84093670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.225.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230569/; classtype:trojan-activity;sid:84093669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230568/; classtype:trojan-activity;sid:84093668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230567/; classtype:trojan-activity;sid:84093667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.217.95.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230566/; classtype:trojan-activity;sid:84093666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.154.47.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230565/; classtype:trojan-activity;sid:84093665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.75.58.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230563/; classtype:trojan-activity;sid:84093663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.62.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230564/; classtype:trojan-activity;sid:84093664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.217.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230562/; classtype:trojan-activity;sid:84093662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.98.194.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230561/; classtype:trojan-activity;sid:84093661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.93.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230560/; classtype:trojan-activity;sid:84093660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.180.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230559/; classtype:trojan-activity;sid:84093659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.109.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230558/; classtype:trojan-activity;sid:84093658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.137.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230557/; classtype:trojan-activity;sid:84093657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.82.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230555/; classtype:trojan-activity;sid:84093655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.192.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230556/; classtype:trojan-activity;sid:84093656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.44.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230554/; classtype:trojan-activity;sid:84093654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.128.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230553/; classtype:trojan-activity;sid:84093653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230552/; classtype:trojan-activity;sid:84093652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.152.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230551/; classtype:trojan-activity;sid:84093651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.234.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230550/; classtype:trojan-activity;sid:84093650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.199.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230549/; classtype:trojan-activity;sid:84093649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.53.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230548/; classtype:trojan-activity;sid:84093648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.151.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230547/; classtype:trojan-activity;sid:84093647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230546/; classtype:trojan-activity;sid:84093646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.46.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230545/; classtype:trojan-activity;sid:84093645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230544/; classtype:trojan-activity;sid:84093644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.227.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230542/; classtype:trojan-activity;sid:84093642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.191.83.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230543/; classtype:trojan-activity;sid:84093643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230541/; classtype:trojan-activity;sid:84093641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.12.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230540/; classtype:trojan-activity;sid:84093640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.72.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230539/; classtype:trojan-activity;sid:84093639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.96.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230538/; classtype:trojan-activity;sid:84093638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.56.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230537/; classtype:trojan-activity;sid:84093637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.100.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230536/; classtype:trojan-activity;sid:84093636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.97.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230535/; classtype:trojan-activity;sid:84093635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.187.83.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230534/; classtype:trojan-activity;sid:84093634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.66.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230533/; classtype:trojan-activity;sid:84093633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.248.121.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230532/; classtype:trojan-activity;sid:84093632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.210.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230531/; classtype:trojan-activity;sid:84093631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.61.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230530/; classtype:trojan-activity;sid:84093630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.87.115"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230529/; classtype:trojan-activity;sid:84093629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.96.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230528/; classtype:trojan-activity;sid:84093628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.234.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230527/; classtype:trojan-activity;sid:84093627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.70.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230526/; classtype:trojan-activity;sid:84093626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.238.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230525/; classtype:trojan-activity;sid:84093625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.251.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230524/; classtype:trojan-activity;sid:84093624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230523/; classtype:trojan-activity;sid:84093623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.142.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230522/; classtype:trojan-activity;sid:84093622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230521/; classtype:trojan-activity;sid:84093621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.219.189.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230520/; classtype:trojan-activity;sid:84093620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.126.81.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230519/; classtype:trojan-activity;sid:84093619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.59.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230518/; classtype:trojan-activity;sid:84093618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.72.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230517/; classtype:trojan-activity;sid:84093617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.96.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230515/; classtype:trojan-activity;sid:84093615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.219.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230516/; classtype:trojan-activity;sid:84093616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.248.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230514/; classtype:trojan-activity;sid:84093614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230513/; classtype:trojan-activity;sid:84093613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230512/; classtype:trojan-activity;sid:84093612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.96.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230511/; classtype:trojan-activity;sid:84093611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230510/; classtype:trojan-activity;sid:84093610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230502/; classtype:trojan-activity;sid:84093602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230503/; classtype:trojan-activity;sid:84093603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230504/; classtype:trojan-activity;sid:84093604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230505/; classtype:trojan-activity;sid:84093605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230506/; classtype:trojan-activity;sid:84093606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230507/; classtype:trojan-activity;sid:84093607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230508/; classtype:trojan-activity;sid:84093608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230509/; classtype:trojan-activity;sid:84093609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.237.0.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230501/; classtype:trojan-activity;sid:84093601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.247.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230500/; classtype:trojan-activity;sid:84093600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.158.67.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230499/; classtype:trojan-activity;sid:84093599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.251.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230498/; classtype:trojan-activity;sid:84093598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.61.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230497/; classtype:trojan-activity;sid:84093597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.83.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230496/; classtype:trojan-activity;sid:84093596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.129.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230495/; classtype:trojan-activity;sid:84093595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"169.0.93.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230494/; classtype:trojan-activity;sid:84093594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"ckule.outfit.dianamercer.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230493/; classtype:trojan-activity;sid:84093593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.40.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230492/; classtype:trojan-activity;sid:84093592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.219.189.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230491/; classtype:trojan-activity;sid:84093591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.70.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230490/; classtype:trojan-activity;sid:84093590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.238.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230489/; classtype:trojan-activity;sid:84093589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.214.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230488/; classtype:trojan-activity;sid:84093588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.117.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230487/; classtype:trojan-activity;sid:84093587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.217.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230486/; classtype:trojan-activity;sid:84093586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.45.56.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230485/; classtype:trojan-activity;sid:84093585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.208.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230484/; classtype:trojan-activity;sid:84093584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.224.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230483/; classtype:trojan-activity;sid:84093583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"73.171.230.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230482/; classtype:trojan-activity;sid:84093582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.113.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230481/; classtype:trojan-activity;sid:84093581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.142.85.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230480/; classtype:trojan-activity;sid:84093580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.219.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230479/; classtype:trojan-activity;sid:84093579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.59.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230478/; classtype:trojan-activity;sid:84093578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.158.67.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230477/; classtype:trojan-activity;sid:84093577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.138.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230475/; classtype:trojan-activity;sid:84093575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230476/; classtype:trojan-activity;sid:84093576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.129.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230474/; classtype:trojan-activity;sid:84093574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.247.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230473/; classtype:trojan-activity;sid:84093573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230472/; classtype:trojan-activity;sid:84093572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.31.190.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230471/; classtype:trojan-activity;sid:84093571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.14.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230470/; classtype:trojan-activity;sid:84093570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230469/; classtype:trojan-activity;sid:84093569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.178.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230468/; classtype:trojan-activity;sid:84093568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230467/; classtype:trojan-activity;sid:84093567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230466/; classtype:trojan-activity;sid:84093566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.133.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230465/; classtype:trojan-activity;sid:84093565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.138.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230464/; classtype:trojan-activity;sid:84093564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.217.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230462/; classtype:trojan-activity;sid:84093562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.248.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230463/; classtype:trojan-activity;sid:84093563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.40.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230461/; classtype:trojan-activity;sid:84093561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.153.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230460/; classtype:trojan-activity;sid:84093560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.27.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230459/; classtype:trojan-activity;sid:84093559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.20.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230458/; classtype:trojan-activity;sid:84093558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.90.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230457/; classtype:trojan-activity;sid:84093557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.75.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230456/; classtype:trojan-activity;sid:84093556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230455/; classtype:trojan-activity;sid:84093555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230454/; classtype:trojan-activity;sid:84093554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.232.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230453/; classtype:trojan-activity;sid:84093553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"73.171.230.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230452/; classtype:trojan-activity;sid:84093552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.8.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230450/; classtype:trojan-activity;sid:84093550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.243.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230451/; classtype:trojan-activity;sid:84093551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.93.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230449/; classtype:trojan-activity;sid:84093549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.140.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230448/; classtype:trojan-activity;sid:84093548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230447/; classtype:trojan-activity;sid:84093547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.69.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230446/; classtype:trojan-activity;sid:84093546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.100.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230445/; classtype:trojan-activity;sid:84093545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.32.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230444/; classtype:trojan-activity;sid:84093544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230443/; classtype:trojan-activity;sid:84093543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.2.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230442/; classtype:trojan-activity;sid:84093542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.72.21.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230441/; classtype:trojan-activity;sid:84093541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.171.244.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230440/; classtype:trojan-activity;sid:84093540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.148.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230439/; classtype:trojan-activity;sid:84093539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.102.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230438/; classtype:trojan-activity;sid:84093538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.23.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230437/; classtype:trojan-activity;sid:84093537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.97.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230436/; classtype:trojan-activity;sid:84093536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.123.216.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230435/; classtype:trojan-activity;sid:84093535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.76.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230434/; classtype:trojan-activity;sid:84093534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230433/; classtype:trojan-activity;sid:84093533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230432/; classtype:trojan-activity;sid:84093532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.142.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230430/; classtype:trojan-activity;sid:84093530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230431/; classtype:trojan-activity;sid:84093531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230429/; classtype:trojan-activity;sid:84093529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.11.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230428/; classtype:trojan-activity;sid:84093528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230427/; classtype:trojan-activity;sid:84093527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230420/; classtype:trojan-activity;sid:84093520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230421/; classtype:trojan-activity;sid:84093521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230422/; classtype:trojan-activity;sid:84093522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230423/; classtype:trojan-activity;sid:84093523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230424/; classtype:trojan-activity;sid:84093524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230425/; classtype:trojan-activity;sid:84093525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"160.22.160.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230426/; classtype:trojan-activity;sid:84093526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.90.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230419/; classtype:trojan-activity;sid:84093519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.40.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230418/; classtype:trojan-activity;sid:84093518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.9.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230417/; classtype:trojan-activity;sid:84093517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.85.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230416/; classtype:trojan-activity;sid:84093516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.216.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230415/; classtype:trojan-activity;sid:84093515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.131.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230414/; classtype:trojan-activity;sid:84093514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.97.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230413/; classtype:trojan-activity;sid:84093513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.24.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230412/; classtype:trojan-activity;sid:84093512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230411/; classtype:trojan-activity;sid:84093511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230410/; classtype:trojan-activity;sid:84093510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.119.100.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230409/; classtype:trojan-activity;sid:84093509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.115.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230408/; classtype:trojan-activity;sid:84093508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230406/; classtype:trojan-activity;sid:84093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230407/; classtype:trojan-activity;sid:84093507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.81.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230405/; classtype:trojan-activity;sid:84093505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.190.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230403/; classtype:trojan-activity;sid:84093503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230404/; classtype:trojan-activity;sid:84093504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.69.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230402/; classtype:trojan-activity;sid:84093502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.125.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230401/; classtype:trojan-activity;sid:84093501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.9.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230400/; classtype:trojan-activity;sid:84093500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.242.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230399/; classtype:trojan-activity;sid:84093499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230398/; classtype:trojan-activity;sid:84093498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.112.117.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230397/; classtype:trojan-activity;sid:84093497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.123.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230396/; classtype:trojan-activity;sid:84093496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.101.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230394/; classtype:trojan-activity;sid:84093494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"149.255.15.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230395/; classtype:trojan-activity;sid:84093495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.81.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230393/; classtype:trojan-activity;sid:84093493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.98.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230392/; classtype:trojan-activity;sid:84093492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.97.162.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230391/; classtype:trojan-activity;sid:84093491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230389/; classtype:trojan-activity;sid:84093489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.176.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230390/; classtype:trojan-activity;sid:84093490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.131.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230388/; classtype:trojan-activity;sid:84093488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.40.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230387/; classtype:trojan-activity;sid:84093487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230386/; classtype:trojan-activity;sid:84093486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230385/; classtype:trojan-activity;sid:84093485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.203.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230384/; classtype:trojan-activity;sid:84093484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230383/; classtype:trojan-activity;sid:84093483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.24.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230382/; classtype:trojan-activity;sid:84093482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230381/; classtype:trojan-activity;sid:84093481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.24.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230380/; classtype:trojan-activity;sid:84093480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.224.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230379/; classtype:trojan-activity;sid:84093479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.104.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230378/; classtype:trojan-activity;sid:84093478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.16.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230377/; classtype:trojan-activity;sid:84093477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.170.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230376/; classtype:trojan-activity;sid:84093476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230375/; classtype:trojan-activity;sid:84093475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.134.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230374/; classtype:trojan-activity;sid:84093474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.148.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230373/; classtype:trojan-activity;sid:84093473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.192.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230372/; classtype:trojan-activity;sid:84093472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.212.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230371/; classtype:trojan-activity;sid:84093471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.203.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230370/; classtype:trojan-activity;sid:84093470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.104.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230369/; classtype:trojan-activity;sid:84093469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.145.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230368/; classtype:trojan-activity;sid:84093468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230367/; classtype:trojan-activity;sid:84093467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.87.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230366/; classtype:trojan-activity;sid:84093466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raril4.txt"; depth:11; endswith; nocase; http.host; content:"rartxt41.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230365/; classtype:trojan-activity;sid:84093465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winormil4.zip"; depth:14; endswith; nocase; http.host; content:"wintr41.b-cdn.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230364/; classtype:trojan-activity;sid:84093464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.203.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230363/; classtype:trojan-activity;sid:84093463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.190.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230362/; classtype:trojan-activity;sid:84093462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.56.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230361/; classtype:trojan-activity;sid:84093461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.138.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230360/; classtype:trojan-activity;sid:84093460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.6.91.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230359/; classtype:trojan-activity;sid:84093459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.11.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230358/; classtype:trojan-activity;sid:84093458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230357/; classtype:trojan-activity;sid:84093457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.77.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230356/; classtype:trojan-activity;sid:84093456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230354/; classtype:trojan-activity;sid:84093454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230355/; classtype:trojan-activity;sid:84093455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230347/; classtype:trojan-activity;sid:84093447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh4"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230348/; classtype:trojan-activity;sid:84093448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230349/; classtype:trojan-activity;sid:84093449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230350/; classtype:trojan-activity;sid:84093450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230351/; classtype:trojan-activity;sid:84093451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230352/; classtype:trojan-activity;sid:84093452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230353/; classtype:trojan-activity;sid:84093453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm6"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230337/; classtype:trojan-activity;sid:84093437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230338/; classtype:trojan-activity;sid:84093438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tx86"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230339/; classtype:trojan-activity;sid:84093439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsh4"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230340/; classtype:trojan-activity;sid:84093440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm5"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230341/; classtype:trojan-activity;sid:84093441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230342/; classtype:trojan-activity;sid:84093442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tppc"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230343/; classtype:trojan-activity;sid:84093443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm7"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230344/; classtype:trojan-activity;sid:84093444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmips"; depth:6; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230345/; classtype:trojan-activity;sid:84093445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tspc"; depth:5; endswith; nocase; http.host; content:"154.216.19.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230346/; classtype:trojan-activity;sid:84093446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.192.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230336/; classtype:trojan-activity;sid:84093436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.54.157.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230335/; classtype:trojan-activity;sid:84093435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.17.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230334/; classtype:trojan-activity;sid:84093434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.190.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230333/; classtype:trojan-activity;sid:84093433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.212.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230332/; classtype:trojan-activity;sid:84093432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.84.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230331/; classtype:trojan-activity;sid:84093431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.96.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230326/; classtype:trojan-activity;sid:84093426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.77.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230327/; classtype:trojan-activity;sid:84093427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.188.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230328/; classtype:trojan-activity;sid:84093428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.56.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230329/; classtype:trojan-activity;sid:84093429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.106.156.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230330/; classtype:trojan-activity;sid:84093430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.166.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230325/; classtype:trojan-activity;sid:84093425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.11.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230324/; classtype:trojan-activity;sid:84093424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.189.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230323/; classtype:trojan-activity;sid:84093423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"209.103.243.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230322/; classtype:trojan-activity;sid:84093422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230321/; classtype:trojan-activity;sid:84093421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.17.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230320/; classtype:trojan-activity;sid:84093420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230319/; classtype:trojan-activity;sid:84093419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.246.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230318/; classtype:trojan-activity;sid:84093418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.32.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230317/; classtype:trojan-activity;sid:84093417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.49.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230316/; classtype:trojan-activity;sid:84093416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.220.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230315/; classtype:trojan-activity;sid:84093415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.116.107.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230314/; classtype:trojan-activity;sid:84093414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230313/; classtype:trojan-activity;sid:84093413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.188.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230312/; classtype:trojan-activity;sid:84093412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.123.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230311/; classtype:trojan-activity;sid:84093411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.240.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230310/; classtype:trojan-activity;sid:84093410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.188.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230309/; classtype:trojan-activity;sid:84093409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.103.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230308/; classtype:trojan-activity;sid:84093408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.150.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230307/; classtype:trojan-activity;sid:84093407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.110.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230306/; classtype:trojan-activity;sid:84093406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.116.107.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230305/; classtype:trojan-activity;sid:84093405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.138.133.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230304/; classtype:trojan-activity;sid:84093404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.103.147.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230299/; classtype:trojan-activity;sid:84093399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.219.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230300/; classtype:trojan-activity;sid:84093400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.221.174.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230301/; classtype:trojan-activity;sid:84093401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"62.234.89.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230302/; classtype:trojan-activity;sid:84093402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.130.49.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230303/; classtype:trojan-activity;sid:84093403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.192.195.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230278/; classtype:trojan-activity;sid:84093378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.126.87.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230279/; classtype:trojan-activity;sid:84093379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.71.223.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230280/; classtype:trojan-activity;sid:84093380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.223.218.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230281/; classtype:trojan-activity;sid:84093381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.96.106.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230282/; classtype:trojan-activity;sid:84093382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.70.99.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230283/; classtype:trojan-activity;sid:84093383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"23.94.250.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230284/; classtype:trojan-activity;sid:84093384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.15.247.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230285/; classtype:trojan-activity;sid:84093385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"122.51.243.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230286/; classtype:trojan-activity;sid:84093386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.121.115.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230287/; classtype:trojan-activity;sid:84093387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"122.51.175.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230288/; classtype:trojan-activity;sid:84093388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.132.182.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230289/; classtype:trojan-activity;sid:84093389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"119.29.232.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230290/; classtype:trojan-activity;sid:84093390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"38.181.76.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230291/; classtype:trojan-activity;sid:84093391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"91.186.211.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230292/; classtype:trojan-activity;sid:84093392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.220.28.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230293/; classtype:trojan-activity;sid:84093393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.19.136.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230294/; classtype:trojan-activity;sid:84093394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"114.132.159.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230295/; classtype:trojan-activity;sid:84093395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.116.198.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230296/; classtype:trojan-activity;sid:84093396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.68.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230297/; classtype:trojan-activity;sid:84093397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.158.13.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230298/; classtype:trojan-activity;sid:84093398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.101.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230277/; classtype:trojan-activity;sid:84093377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.19.136.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230276/; classtype:trojan-activity;sid:84093376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"60.217.23.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230274/; classtype:trojan-activity;sid:84093374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.31.113.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230275/; classtype:trojan-activity;sid:84093375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.105.131.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230273/; classtype:trojan-activity;sid:84093373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.219.0.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230271/; classtype:trojan-activity;sid:84093371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"82.147.84.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230272/; classtype:trojan-activity;sid:84093372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.232.74.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230267/; classtype:trojan-activity;sid:84093367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"94.20.88.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230268/; classtype:trojan-activity;sid:84093368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"199.187.25.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230269/; classtype:trojan-activity;sid:84093369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.55.241.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230270/; classtype:trojan-activity;sid:84093370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.32.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230266/; classtype:trojan-activity;sid:84093366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"23.94.2.159"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230265/; classtype:trojan-activity;sid:84093365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"82.157.142.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230264/; classtype:trojan-activity;sid:84093364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.240.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230263/; classtype:trojan-activity;sid:84093363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.201.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230262/; classtype:trojan-activity;sid:84093362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.90.157.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230260/; classtype:trojan-activity;sid:84093360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"171.25.157.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230261/; classtype:trojan-activity;sid:84093361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.222.189.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230249/; classtype:trojan-activity;sid:84093349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"110.41.170.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230250/; classtype:trojan-activity;sid:84093350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.232.74.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230251/; classtype:trojan-activity;sid:84093351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.40.45.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230252/; classtype:trojan-activity;sid:84093352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.130.117.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230253/; classtype:trojan-activity;sid:84093353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.13.255.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230254/; classtype:trojan-activity;sid:84093354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.224.245.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230255/; classtype:trojan-activity;sid:84093355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"61.128.12.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230256/; classtype:trojan-activity;sid:84093356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"82.156.137.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230257/; classtype:trojan-activity;sid:84093357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.83.83.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230258/; classtype:trojan-activity;sid:84093358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"128.14.229.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230259/; classtype:trojan-activity;sid:84093359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"35.210.58.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230234/; classtype:trojan-activity;sid:84093334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"82.157.71.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230235/; classtype:trojan-activity;sid:84093335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.70.99.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230236/; classtype:trojan-activity;sid:84093336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.125.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230237/; classtype:trojan-activity;sid:84093337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.100.70.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230238/; classtype:trojan-activity;sid:84093338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.92.86.239"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230239/; classtype:trojan-activity;sid:84093339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.222.72.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230240/; classtype:trojan-activity;sid:84093340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.196.191.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230241/; classtype:trojan-activity;sid:84093341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.117.62.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230242/; classtype:trojan-activity;sid:84093342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.3.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230243/; classtype:trojan-activity;sid:84093343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.49.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230244/; classtype:trojan-activity;sid:84093344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.83.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230245/; classtype:trojan-activity;sid:84093345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.239.121.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230246/; classtype:trojan-activity;sid:84093346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"16.163.157.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230247/; classtype:trojan-activity;sid:84093347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.78.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230248/; classtype:trojan-activity;sid:84093348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"35.233.91.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230231/; classtype:trojan-activity;sid:84093331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"34.38.102.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230232/; classtype:trojan-activity;sid:84093332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.129.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230233/; classtype:trojan-activity;sid:84093333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.3.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230230/; classtype:trojan-activity;sid:84093330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.126.80.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230229/; classtype:trojan-activity;sid:84093329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"104.245.245.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230228/; classtype:trojan-activity;sid:84093328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.113.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230227/; classtype:trojan-activity;sid:84093327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.70.29.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230226/; classtype:trojan-activity;sid:84093326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.183.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230225/; classtype:trojan-activity;sid:84093325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230224/; classtype:trojan-activity;sid:84093324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.244.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230223/; classtype:trojan-activity;sid:84093323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.214.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230222/; classtype:trojan-activity;sid:84093322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.6.158"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230221/; classtype:trojan-activity;sid:84093321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.233.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230220/; classtype:trojan-activity;sid:84093320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.181.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230218/; classtype:trojan-activity;sid:84093318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.98.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230219/; classtype:trojan-activity;sid:84093319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230217/; classtype:trojan-activity;sid:84093317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.24.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230216/; classtype:trojan-activity;sid:84093316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.36.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230215/; classtype:trojan-activity;sid:84093315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.36.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230214/; classtype:trojan-activity;sid:84093314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230213/; classtype:trojan-activity;sid:84093313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230212/; classtype:trojan-activity;sid:84093312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.3.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230211/; classtype:trojan-activity;sid:84093311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.148.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230210/; classtype:trojan-activity;sid:84093310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.110.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230209/; classtype:trojan-activity;sid:84093309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.129.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230208/; classtype:trojan-activity;sid:84093308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.138.139.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230207/; classtype:trojan-activity;sid:84093307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.200.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230205/; classtype:trojan-activity;sid:84093305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.91.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230206/; classtype:trojan-activity;sid:84093306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.214.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230204/; classtype:trojan-activity;sid:84093304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.210.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230203/; classtype:trojan-activity;sid:84093303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe/5"; depth:5; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230202/; classtype:trojan-activity;sid:84093302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe/6"; depth:5; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230201/; classtype:trojan-activity;sid:84093301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe/4"; depth:5; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230197/; classtype:trojan-activity;sid:84093297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe/3"; depth:5; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230198/; classtype:trojan-activity;sid:84093298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe/1"; depth:5; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230199/; classtype:trojan-activity;sid:84093299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe/2"; depth:5; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230200/; classtype:trojan-activity;sid:84093300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.159.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230196/; classtype:trojan-activity;sid:84093296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.20.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230195/; classtype:trojan-activity;sid:84093295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.213.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230194/; classtype:trojan-activity;sid:84093294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.62.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230193/; classtype:trojan-activity;sid:84093293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.167.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230192/; classtype:trojan-activity;sid:84093292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.39.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230190/; classtype:trojan-activity;sid:84093290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winormil4.zip"; depth:14; endswith; nocase; http.host; content:"wintr4.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230191/; classtype:trojan-activity;sid:84093291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.86.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230189/; classtype:trojan-activity;sid:84093289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.71.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230188/; classtype:trojan-activity;sid:84093288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.226.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230187/; classtype:trojan-activity;sid:84093287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.110.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230186/; classtype:trojan-activity;sid:84093286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.89.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230184/; classtype:trojan-activity;sid:84093284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.52.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230185/; classtype:trojan-activity;sid:84093285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winil4.txt"; depth:11; endswith; nocase; http.host; content:"wintx41.b-cdn.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230183/; classtype:trojan-activity;sid:84093283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.36.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230182/; classtype:trojan-activity;sid:84093282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230181/; classtype:trojan-activity;sid:84093281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.130.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230180/; classtype:trojan-activity;sid:84093280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/do/1654365431.exe"; depth:18; endswith; nocase; http.host; content:"146.70.24.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230179/; classtype:trojan-activity;sid:84093279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.95.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230178/; classtype:trojan-activity;sid:84093278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.200.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230177/; classtype:trojan-activity;sid:84093277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.175.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230176/; classtype:trojan-activity;sid:84093276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.186.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230175/; classtype:trojan-activity;sid:84093275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230173/; classtype:trojan-activity;sid:84093273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.39.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230174/; classtype:trojan-activity;sid:84093274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230172/; classtype:trojan-activity;sid:84093272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.159.16.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230171/; classtype:trojan-activity;sid:84093271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.159.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230170/; classtype:trojan-activity;sid:84093270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230169/; classtype:trojan-activity;sid:84093269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230168/; classtype:trojan-activity;sid:84093268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.58.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230166/; classtype:trojan-activity;sid:84093266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.89.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230167/; classtype:trojan-activity;sid:84093267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.242.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230165/; classtype:trojan-activity;sid:84093265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.244.170.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230164/; classtype:trojan-activity;sid:84093264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230163/; classtype:trojan-activity;sid:84093263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.134.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230161/; classtype:trojan-activity;sid:84093261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.93.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230162/; classtype:trojan-activity;sid:84093262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monamour/"; depth:10; endswith; nocase; http.host; content:"176.113.115.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230160/; classtype:trojan-activity;sid:84093260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.234.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230159/; classtype:trojan-activity;sid:84093259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.250.184.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230158/; classtype:trojan-activity;sid:84093258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.130.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230157/; classtype:trojan-activity;sid:84093257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.252.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230156/; classtype:trojan-activity;sid:84093256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230155/; classtype:trojan-activity;sid:84093255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.254.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230154/; classtype:trojan-activity;sid:84093254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.234.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230153/; classtype:trojan-activity;sid:84093253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.149.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230126/; classtype:trojan-activity;sid:84093226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.121.219.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230124/; classtype:trojan-activity;sid:84093224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230125/; classtype:trojan-activity;sid:84093225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.253.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230123/; classtype:trojan-activity;sid:84093223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.247.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230122/; classtype:trojan-activity;sid:84093222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.75.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230121/; classtype:trojan-activity;sid:84093221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.119.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230120/; classtype:trojan-activity;sid:84093220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.234.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230119/; classtype:trojan-activity;sid:84093219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.233.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230118/; classtype:trojan-activity;sid:84093218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.28.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230117/; classtype:trojan-activity;sid:84093217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.78.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230116/; classtype:trojan-activity;sid:84093216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.250.184.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230115/; classtype:trojan-activity;sid:84093215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.103.69.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230114/; classtype:trojan-activity;sid:84093214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.108.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230112/; classtype:trojan-activity;sid:84093212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.190.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230113/; classtype:trojan-activity;sid:84093213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.183.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230111/; classtype:trojan-activity;sid:84093211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.208.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230109/; classtype:trojan-activity;sid:84093209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.191.184.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230110/; classtype:trojan-activity;sid:84093210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.252.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230108/; classtype:trojan-activity;sid:84093208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.234.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230107/; classtype:trojan-activity;sid:84093207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.248.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230106/; classtype:trojan-activity;sid:84093206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.124.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230105/; classtype:trojan-activity;sid:84093205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.180.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230104/; classtype:trojan-activity;sid:84093204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.253.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230103/; classtype:trojan-activity;sid:84093203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.249.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230102/; classtype:trojan-activity;sid:84093202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.6.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230101/; classtype:trojan-activity;sid:84093201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.103.69.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230100/; classtype:trojan-activity;sid:84093200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.237.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230099/; classtype:trojan-activity;sid:84093199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.76.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230098/; classtype:trojan-activity;sid:84093198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.46.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230097/; classtype:trojan-activity;sid:84093197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.151.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230096/; classtype:trojan-activity;sid:84093196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230095/; classtype:trojan-activity;sid:84093195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.108.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230093/; classtype:trojan-activity;sid:84093193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.121.219.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230092/; classtype:trojan-activity;sid:84093192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.39.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230090/; classtype:trojan-activity;sid:84093190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.171.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230091/; classtype:trojan-activity;sid:84093191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.138.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230089/; classtype:trojan-activity;sid:84093189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.253.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230088/; classtype:trojan-activity;sid:84093188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.227.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230087/; classtype:trojan-activity;sid:84093187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.227.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230086/; classtype:trojan-activity;sid:84093186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastbk.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230085/; classtype:trojan-activity;sid:84093185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastpy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230084/; classtype:trojan-activity;sid:84093184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230083/; classtype:trojan-activity;sid:84093183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastpy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230082/; classtype:trojan-activity;sid:84093182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230081/; classtype:trojan-activity;sid:84093181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastwp.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230080/; classtype:trojan-activity;sid:84093180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.59.0.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230078/; classtype:trojan-activity;sid:84093178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.183.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230076/; classtype:trojan-activity;sid:84093176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.169.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230075/; classtype:trojan-activity;sid:84093175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.155.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230074/; classtype:trojan-activity;sid:84093174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.164.114.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230073/; classtype:trojan-activity;sid:84093173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.241.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230072/; classtype:trojan-activity;sid:84093172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.141.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230070/; classtype:trojan-activity;sid:84093170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.55.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230071/; classtype:trojan-activity;sid:84093171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230069/; classtype:trojan-activity;sid:84093169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.190.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230068/; classtype:trojan-activity;sid:84093168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.39.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230067/; classtype:trojan-activity;sid:84093167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.151.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230066/; classtype:trojan-activity;sid:84093166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.50.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230065/; classtype:trojan-activity;sid:84093165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.137.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230064/; classtype:trojan-activity;sid:84093164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.169.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230063/; classtype:trojan-activity;sid:84093163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.91.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230062/; classtype:trojan-activity;sid:84093162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.81.87.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230061/; classtype:trojan-activity;sid:84093161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.86.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230060/; classtype:trojan-activity;sid:84093160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230059/; classtype:trojan-activity;sid:84093159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.52.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230058/; classtype:trojan-activity;sid:84093158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.208.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230057/; classtype:trojan-activity;sid:84093157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.203.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230056/; classtype:trojan-activity;sid:84093156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.26.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230055/; classtype:trojan-activity;sid:84093155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.17.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230054/; classtype:trojan-activity;sid:84093154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.96.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230053/; classtype:trojan-activity;sid:84093153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.169.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230052/; classtype:trojan-activity;sid:84093152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.114.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230051/; classtype:trojan-activity;sid:84093151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230050/; classtype:trojan-activity;sid:84093150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230049/; classtype:trojan-activity;sid:84093149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/um9l61wgoaplfkj.exe"; depth:24; endswith; nocase; http.host; content:"154.216.19.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230048/; classtype:trojan-activity;sid:84093148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.202.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230047/; classtype:trojan-activity;sid:84093147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.96.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230046/; classtype:trojan-activity;sid:84093146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.242.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230044/; classtype:trojan-activity;sid:84093144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.28.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230045/; classtype:trojan-activity;sid:84093145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.107.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230042/; classtype:trojan-activity;sid:84093142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.211.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230043/; classtype:trojan-activity;sid:84093143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.53.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230041/; classtype:trojan-activity;sid:84093141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.33.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230040/; classtype:trojan-activity;sid:84093140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.126.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230039/; classtype:trojan-activity;sid:84093139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230038/; classtype:trojan-activity;sid:84093138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.17.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230037/; classtype:trojan-activity;sid:84093137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.52.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230036/; classtype:trojan-activity;sid:84093136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.3.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230035/; classtype:trojan-activity;sid:84093135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meningomyelorrhaphy.pfm"; depth:24; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230034/; classtype:trojan-activity;sid:84093134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stinavnet.ttf"; depth:14; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230033/; classtype:trojan-activity;sid:84093133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mycaqjw238.bin"; depth:15; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230005/; classtype:trojan-activity;sid:84093105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egenproduktions.vbs"; depth:20; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230006/; classtype:trojan-activity;sid:84093106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdcspolhl19.bin"; depth:16; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230007/; classtype:trojan-activity;sid:84093107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doktriner.cmd"; depth:14; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230008/; classtype:trojan-activity;sid:84093108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/speramtozoon.wsf"; depth:17; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230009/; classtype:trojan-activity;sid:84093109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sxhztwtci31.bin"; depth:16; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230010/; classtype:trojan-activity;sid:84093110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbawoqodpqtptw154.bin"; depth:22; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230011/; classtype:trojan-activity;sid:84093111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acatmfnboqezpp165.bin"; depth:22; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230012/; classtype:trojan-activity;sid:84093112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/katalogstrukturen.toc"; depth:22; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230013/; classtype:trojan-activity;sid:84093113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamgavl.xtp"; depth:12; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230014/; classtype:trojan-activity;sid:84093114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchandize.smi"; depth:16; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230015/; classtype:trojan-activity;sid:84093115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rottegifte.pfb"; depth:15; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230016/; classtype:trojan-activity;sid:84093116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/undoing.mix"; depth:12; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230017/; classtype:trojan-activity;sid:84093117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/papyrotype.psp"; depth:15; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230018/; classtype:trojan-activity;sid:84093118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indskudsstningers.smi"; depth:22; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230019/; classtype:trojan-activity;sid:84093119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirrorlike.asd"; depth:15; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230020/; classtype:trojan-activity;sid:84093120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/octopodous.mso"; depth:15; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230021/; classtype:trojan-activity;sid:84093121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paleokinetic.fla"; depth:17; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230022/; classtype:trojan-activity;sid:84093122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/synkrotron.ttf"; depth:15; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230023/; classtype:trojan-activity;sid:84093123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slsommere.lzh"; depth:14; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230024/; classtype:trojan-activity;sid:84093124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lydlsere.csv"; depth:13; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230025/; classtype:trojan-activity;sid:84093125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyphomycetes.mix"; depth:17; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230026/; classtype:trojan-activity;sid:84093126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pascha.xtp"; depth:11; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230027/; classtype:trojan-activity;sid:84093127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blokfljters.ocx"; depth:16; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230028/; classtype:trojan-activity;sid:84093128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transportations.asd"; depth:20; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230029/; classtype:trojan-activity;sid:84093129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chefsekretrers.psd"; depth:19; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230030/; classtype:trojan-activity;sid:84093130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fumatory.emz"; depth:13; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230031/; classtype:trojan-activity;sid:84093131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vendisk.mix"; depth:12; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230032/; classtype:trojan-activity;sid:84093132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciwies.cmd"; depth:11; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229997/; classtype:trojan-activity;sid:84093097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aguzcy246.bin"; depth:14; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229998/; classtype:trojan-activity;sid:84093098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysrpqcnszs61.bin"; depth:17; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229999/; classtype:trojan-activity;sid:84093099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlxylgusg221.bin"; depth:17; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230000/; classtype:trojan-activity;sid:84093100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fallisk.wsf"; depth:12; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230001/; classtype:trojan-activity;sid:84093101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrplzpvlrycze79.bin"; depth:20; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230002/; classtype:trojan-activity;sid:84093102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pplepjlymr85.bin"; depth:17; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230003/; classtype:trojan-activity;sid:84093103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sfjtj87.bin"; depth:12; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230004/; classtype:trojan-activity;sid:84093104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smmestinget143.vbs"; depth:19; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229994/; classtype:trojan-activity;sid:84093094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/productivenesses.cmd"; depth:21; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229995/; classtype:trojan-activity;sid:84093095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abvlfbmduvfnnrbbzlwboog110.bin"; depth:31; endswith; nocase; http.host; content:"45.10.243.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229996/; classtype:trojan-activity;sid:84093096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.85.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229993/; classtype:trojan-activity;sid:84093093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.203.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229992/; classtype:trojan-activity;sid:84093092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229991/; classtype:trojan-activity;sid:84093091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.78.250.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229990/; classtype:trojan-activity;sid:84093090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.212.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229989/; classtype:trojan-activity;sid:84093089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229988/; classtype:trojan-activity;sid:84093088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.49.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229986/; classtype:trojan-activity;sid:84093086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229987/; classtype:trojan-activity;sid:84093087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.148.147.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229985/; classtype:trojan-activity;sid:84093085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.120.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229983/; classtype:trojan-activity;sid:84093083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.141.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229984/; classtype:trojan-activity;sid:84093084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.138.12.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229982/; classtype:trojan-activity;sid:84093082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229981/; classtype:trojan-activity;sid:84093081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.114.221.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229980/; classtype:trojan-activity;sid:84093080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229979/; classtype:trojan-activity;sid:84093079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.57.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229978/; classtype:trojan-activity;sid:84093078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.0.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229977/; classtype:trojan-activity;sid:84093077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.29.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229972/; classtype:trojan-activity;sid:84093072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.238.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229973/; classtype:trojan-activity;sid:84093073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.114.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229974/; classtype:trojan-activity;sid:84093074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.12.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229975/; classtype:trojan-activity;sid:84093075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.110.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229976/; classtype:trojan-activity;sid:84093076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229971/; classtype:trojan-activity;sid:84093071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229970/; classtype:trojan-activity;sid:84093070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.34.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229969/; classtype:trojan-activity;sid:84093069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.33.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229968/; classtype:trojan-activity;sid:84093068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.3.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229967/; classtype:trojan-activity;sid:84093067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.83.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229966/; classtype:trojan-activity;sid:84093066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229965/; classtype:trojan-activity;sid:84093065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.2.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229964/; classtype:trojan-activity;sid:84093064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229963/; classtype:trojan-activity;sid:84093063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.1.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229962/; classtype:trojan-activity;sid:84093062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.169.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229961/; classtype:trojan-activity;sid:84093061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.99.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229960/; classtype:trojan-activity;sid:84093060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.13.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229959/; classtype:trojan-activity;sid:84093059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.33.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229958/; classtype:trojan-activity;sid:84093058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.126.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229956/; classtype:trojan-activity;sid:84093056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.253.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229957/; classtype:trojan-activity;sid:84093057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.164.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229955/; classtype:trojan-activity;sid:84093055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.158.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229954/; classtype:trojan-activity;sid:84093054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.63.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229953/; classtype:trojan-activity;sid:84093053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.48.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229952/; classtype:trojan-activity;sid:84093052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.209.65.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229951/; classtype:trojan-activity;sid:84093051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.78.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229950/; classtype:trojan-activity;sid:84093050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.128.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229949/; classtype:trojan-activity;sid:84093049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.99.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229947/; classtype:trojan-activity;sid:84093047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229948/; classtype:trojan-activity;sid:84093048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.75.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229946/; classtype:trojan-activity;sid:84093046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.34.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229945/; classtype:trojan-activity;sid:84093045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.31.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229944/; classtype:trojan-activity;sid:84093044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.199.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229943/; classtype:trojan-activity;sid:84093043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.19.249.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229942/; classtype:trojan-activity;sid:84093042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.253.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229941/; classtype:trojan-activity;sid:84093041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.99.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229940/; classtype:trojan-activity;sid:84093040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.183.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229939/; classtype:trojan-activity;sid:84093039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.104.55.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229938/; classtype:trojan-activity;sid:84093038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.164.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229937/; classtype:trojan-activity;sid:84093037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.77.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229936/; classtype:trojan-activity;sid:84093036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.32.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229935/; classtype:trojan-activity;sid:84093035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.209.65.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229934/; classtype:trojan-activity;sid:84093034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229932/; classtype:trojan-activity;sid:84093032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229933/; classtype:trojan-activity;sid:84093033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229931/; classtype:trojan-activity;sid:84093031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.219.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229929/; classtype:trojan-activity;sid:84093029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.165.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229930/; classtype:trojan-activity;sid:84093030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.254.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229928/; classtype:trojan-activity;sid:84093028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.116.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229927/; classtype:trojan-activity;sid:84093027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.82.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229926/; classtype:trojan-activity;sid:84093026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229925/; classtype:trojan-activity;sid:84093025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.65.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229924/; classtype:trojan-activity;sid:84093024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.63.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229923/; classtype:trojan-activity;sid:84093023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229922/; classtype:trojan-activity;sid:84093022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.239.227.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229921/; classtype:trojan-activity;sid:84093021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.182.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229920/; classtype:trojan-activity;sid:84093020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.5.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229919/; classtype:trojan-activity;sid:84093019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.47.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229918/; classtype:trojan-activity;sid:84093018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.24.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229917/; classtype:trojan-activity;sid:84093017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229916/; classtype:trojan-activity;sid:84093016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.116.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229915/; classtype:trojan-activity;sid:84093015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.42.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229914/; classtype:trojan-activity;sid:84093014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.32.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229913/; classtype:trojan-activity;sid:84093013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.226.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229912/; classtype:trojan-activity;sid:84093012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229911/; classtype:trojan-activity;sid:84093011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229910/; classtype:trojan-activity;sid:84093010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.12.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229909/; classtype:trojan-activity;sid:84093009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.232.207.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229907/; classtype:trojan-activity;sid:84093007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.202.235.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229908/; classtype:trojan-activity;sid:84093008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.146.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229906/; classtype:trojan-activity;sid:84093006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229905/; classtype:trojan-activity;sid:84093005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.164.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229904/; classtype:trojan-activity;sid:84093004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229903/; classtype:trojan-activity;sid:84093003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.161.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229902/; classtype:trojan-activity;sid:84093002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.215.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229901/; classtype:trojan-activity;sid:84093001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.164.229.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229900/; classtype:trojan-activity;sid:84093000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.9.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229899/; classtype:trojan-activity;sid:84092999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.42.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229898/; classtype:trojan-activity;sid:84092998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229897/; classtype:trojan-activity;sid:84092997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.232.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229896/; classtype:trojan-activity;sid:84092996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.103.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229895/; classtype:trojan-activity;sid:84092995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.126.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229894/; classtype:trojan-activity;sid:84092994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.37.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229893/; classtype:trojan-activity;sid:84092993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.59.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229891/; classtype:trojan-activity;sid:84092991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.179.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229892/; classtype:trojan-activity;sid:84092992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229890/; classtype:trojan-activity;sid:84092990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.1.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229889/; classtype:trojan-activity;sid:84092989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.124.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229888/; classtype:trojan-activity;sid:84092988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229887/; classtype:trojan-activity;sid:84092987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.221.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229886/; classtype:trojan-activity;sid:84092986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.121.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229885/; classtype:trojan-activity;sid:84092985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229884/; classtype:trojan-activity;sid:84092984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.114.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229883/; classtype:trojan-activity;sid:84092983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.210.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229882/; classtype:trojan-activity;sid:84092982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.216.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229881/; classtype:trojan-activity;sid:84092981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.161.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229880/; classtype:trojan-activity;sid:84092980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.54.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229879/; classtype:trojan-activity;sid:84092979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.103.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229878/; classtype:trojan-activity;sid:84092978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.146.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229877/; classtype:trojan-activity;sid:84092977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.133.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229876/; classtype:trojan-activity;sid:84092976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.3.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229875/; classtype:trojan-activity;sid:84092975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.232.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229874/; classtype:trojan-activity;sid:84092974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.167.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229872/; classtype:trojan-activity;sid:84092972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.149.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229873/; classtype:trojan-activity;sid:84092973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.156.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229870/; classtype:trojan-activity;sid:84092970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.37.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229871/; classtype:trojan-activity;sid:84092971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.43.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229869/; classtype:trojan-activity;sid:84092969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.124.21.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229867/; classtype:trojan-activity;sid:84092967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.123.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229868/; classtype:trojan-activity;sid:84092968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229865/; classtype:trojan-activity;sid:84092965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.77.222.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229866/; classtype:trojan-activity;sid:84092966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.221.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229864/; classtype:trojan-activity;sid:84092964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.121.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229863/; classtype:trojan-activity;sid:84092963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.254.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229862/; classtype:trojan-activity;sid:84092962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229861/; classtype:trojan-activity;sid:84092961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.210.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229860/; classtype:trojan-activity;sid:84092960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.105.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229859/; classtype:trojan-activity;sid:84092959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.216.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229858/; classtype:trojan-activity;sid:84092958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.85.119"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229857/; classtype:trojan-activity;sid:84092957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.146.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229856/; classtype:trojan-activity;sid:84092956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.190.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229854/; classtype:trojan-activity;sid:84092954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.237.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229855/; classtype:trojan-activity;sid:84092955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.54.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229853/; classtype:trojan-activity;sid:84092953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.161.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229851/; classtype:trojan-activity;sid:84092951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.199.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229852/; classtype:trojan-activity;sid:84092952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.124.21.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229850/; classtype:trojan-activity;sid:84092950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.230.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229848/; classtype:trojan-activity;sid:84092948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.75.239.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229849/; classtype:trojan-activity;sid:84092949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229847/; classtype:trojan-activity;sid:84092947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.204.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229846/; classtype:trojan-activity;sid:84092946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229845/; classtype:trojan-activity;sid:84092945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.163.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229844/; classtype:trojan-activity;sid:84092944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.217.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229843/; classtype:trojan-activity;sid:84092943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.222.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229842/; classtype:trojan-activity;sid:84092942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.114.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229841/; classtype:trojan-activity;sid:84092941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.3.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229840/; classtype:trojan-activity;sid:84092940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.105.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229839/; classtype:trojan-activity;sid:84092939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.28.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229838/; classtype:trojan-activity;sid:84092938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.81.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229837/; classtype:trojan-activity;sid:84092937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.183.124.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229836/; classtype:trojan-activity;sid:84092936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.216.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229835/; classtype:trojan-activity;sid:84092935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.77.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229834/; classtype:trojan-activity;sid:84092934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.37.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229833/; classtype:trojan-activity;sid:84092933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.109.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229832/; classtype:trojan-activity;sid:84092932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.130.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229831/; classtype:trojan-activity;sid:84092931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.206.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229829/; classtype:trojan-activity;sid:84092929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.72.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229830/; classtype:trojan-activity;sid:84092930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.77.75.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229828/; classtype:trojan-activity;sid:84092928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.133.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229826/; classtype:trojan-activity;sid:84092926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229827/; classtype:trojan-activity;sid:84092927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229825/; classtype:trojan-activity;sid:84092925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.26.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229824/; classtype:trojan-activity;sid:84092924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229823/; classtype:trojan-activity;sid:84092923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.165.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229822/; classtype:trojan-activity;sid:84092922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.83.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229821/; classtype:trojan-activity;sid:84092921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229820/; classtype:trojan-activity;sid:84092920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.114.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229819/; classtype:trojan-activity;sid:84092919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.82.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229817/; classtype:trojan-activity;sid:84092917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.55.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229818/; classtype:trojan-activity;sid:84092918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.184.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229816/; classtype:trojan-activity;sid:84092916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.44.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229815/; classtype:trojan-activity;sid:84092915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229814/; classtype:trojan-activity;sid:84092914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.98.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229812/; classtype:trojan-activity;sid:84092912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.97.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229813/; classtype:trojan-activity;sid:84092913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229811/; classtype:trojan-activity;sid:84092911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229810/; classtype:trojan-activity;sid:84092910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.209.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229809/; classtype:trojan-activity;sid:84092909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.144.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229808/; classtype:trojan-activity;sid:84092908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.233.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229807/; classtype:trojan-activity;sid:84092907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.232.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229805/; classtype:trojan-activity;sid:84092905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.117.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229806/; classtype:trojan-activity;sid:84092906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229803/; classtype:trojan-activity;sid:84092903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.124.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229804/; classtype:trojan-activity;sid:84092904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229802/; classtype:trojan-activity;sid:84092902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.69.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229801/; classtype:trojan-activity;sid:84092901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.254.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229800/; classtype:trojan-activity;sid:84092900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.134.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229799/; classtype:trojan-activity;sid:84092899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.35.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229798/; classtype:trojan-activity;sid:84092898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.20.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229797/; classtype:trojan-activity;sid:84092897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.52.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229796/; classtype:trojan-activity;sid:84092896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.97.85"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229795/; classtype:trojan-activity;sid:84092895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.98.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229794/; classtype:trojan-activity;sid:84092894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.28.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229793/; classtype:trojan-activity;sid:84092893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.29.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229792/; classtype:trojan-activity;sid:84092892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.82.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229791/; classtype:trojan-activity;sid:84092891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229789/; classtype:trojan-activity;sid:84092889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.2.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229790/; classtype:trojan-activity;sid:84092890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.225.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229788/; classtype:trojan-activity;sid:84092888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229787/; classtype:trojan-activity;sid:84092887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.134.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229786/; classtype:trojan-activity;sid:84092886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.227.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229785/; classtype:trojan-activity;sid:84092885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.33.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229784/; classtype:trojan-activity;sid:84092884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.67.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229783/; classtype:trojan-activity;sid:84092883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.88.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229781/; classtype:trojan-activity;sid:84092881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.125.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229782/; classtype:trojan-activity;sid:84092882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229780/; classtype:trojan-activity;sid:84092880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.233.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229779/; classtype:trojan-activity;sid:84092879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.4.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229778/; classtype:trojan-activity;sid:84092878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.164.235.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229777/; classtype:trojan-activity;sid:84092877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.165.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229776/; classtype:trojan-activity;sid:84092876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.35.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229775/; classtype:trojan-activity;sid:84092875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ybxhh/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229773/; classtype:trojan-activity;sid:84092873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptersandtoolsoficial/zip/refs/heads/main/detahnote_v.jpg"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229774/; classtype:trojan-activity;sid:84092874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ns59uctijtxn4hmeza5i-2z5hsgoetwn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229772/; classtype:trojan-activity;sid:84092872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1d-2jbkhdpepxvunfrq0ssjb0hburg7po"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229771/; classtype:trojan-activity;sid:84092871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hukry/sirdeeeeee.txt"; depth:21; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229770/; classtype:trojan-activity;sid:84092870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ijhnoiitqa0hrwlfr2mhhvqblxgdhtgu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229769/; classtype:trojan-activity;sid:84092869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ozdthulbtwmm7hlrgxef2zxqrysbu6c2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229768/; classtype:trojan-activity;sid:84092868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.39.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229767/; classtype:trojan-activity;sid:84092867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ejald.js"; depth:9; endswith; nocase; http.host; content:"qu.ax"; depth:5; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229766/; classtype:trojan-activity;sid:84092866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/tielklvkfumqufa.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229764/; classtype:trojan-activity;sid:84092864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.97.85"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229765/; classtype:trojan-activity;sid:84092865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/aegtitprcz9bkkq.exe"; depth:24; endswith; nocase; http.host; content:"154.216.19.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229763/; classtype:trojan-activity;sid:84092863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.84.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229762/; classtype:trojan-activity;sid:84092862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229761/; classtype:trojan-activity;sid:84092861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.105.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229759/; classtype:trojan-activity;sid:84092859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.35.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229760/; classtype:trojan-activity;sid:84092860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.29.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229758/; classtype:trojan-activity;sid:84092858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.47.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229757/; classtype:trojan-activity;sid:84092857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.124.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229756/; classtype:trojan-activity;sid:84092856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.154.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229755/; classtype:trojan-activity;sid:84092855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.96.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229753/; classtype:trojan-activity;sid:84092853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.107.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229754/; classtype:trojan-activity;sid:84092854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.137.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229752/; classtype:trojan-activity;sid:84092852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.43.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229751/; classtype:trojan-activity;sid:84092851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.163.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229750/; classtype:trojan-activity;sid:84092850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.130.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229749/; classtype:trojan-activity;sid:84092849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.127.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229748/; classtype:trojan-activity;sid:84092848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.209.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229747/; classtype:trojan-activity;sid:84092847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.132.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229746/; classtype:trojan-activity;sid:84092846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229745/; classtype:trojan-activity;sid:84092845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.130.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229744/; classtype:trojan-activity;sid:84092844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229743/; classtype:trojan-activity;sid:84092843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.40.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229742/; classtype:trojan-activity;sid:84092842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.154.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229741/; classtype:trojan-activity;sid:84092841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.253.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229740/; classtype:trojan-activity;sid:84092840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.199.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229739/; classtype:trojan-activity;sid:84092839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.32.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229738/; classtype:trojan-activity;sid:84092838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.234.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229737/; classtype:trojan-activity;sid:84092837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229736/; classtype:trojan-activity;sid:84092836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/67065a0933c9e_uuesupdater.exe"; depth:34; endswith; nocase; http.host; content:"cache.ussc.org"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229735/; classtype:trojan-activity;sid:84092835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.86.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229734/; classtype:trojan-activity;sid:84092834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.96.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229733/; classtype:trojan-activity;sid:84092833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.207.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229732/; classtype:trojan-activity;sid:84092832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.150.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229731/; classtype:trojan-activity;sid:84092831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.119.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229730/; classtype:trojan-activity;sid:84092830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.82.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229729/; classtype:trojan-activity;sid:84092829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.107.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229727/; classtype:trojan-activity;sid:84092827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.128.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229728/; classtype:trojan-activity;sid:84092828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229726/; classtype:trojan-activity;sid:84092826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.243.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229725/; classtype:trojan-activity;sid:84092825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.106.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229724/; classtype:trojan-activity;sid:84092824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.167.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229723/; classtype:trojan-activity;sid:84092823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229722/; classtype:trojan-activity;sid:84092822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.43.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229721/; classtype:trojan-activity;sid:84092821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/0a839761915d.exe"; depth:21; endswith; nocase; http.host; content:"proxy.siteterbaru.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229720/; classtype:trojan-activity;sid:84092820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.143.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229719/; classtype:trojan-activity;sid:84092819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.94.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229718/; classtype:trojan-activity;sid:84092818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229717/; classtype:trojan-activity;sid:84092817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229716/; classtype:trojan-activity;sid:84092816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229715/; classtype:trojan-activity;sid:84092815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.177.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229714/; classtype:trojan-activity;sid:84092814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.159.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229713/; classtype:trojan-activity;sid:84092813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.234.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229712/; classtype:trojan-activity;sid:84092812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.70.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229711/; classtype:trojan-activity;sid:84092811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.32.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229710/; classtype:trojan-activity;sid:84092810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.137.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229709/; classtype:trojan-activity;sid:84092809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.165.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229708/; classtype:trojan-activity;sid:84092808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.232.13.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229707/; classtype:trojan-activity;sid:84092807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.128.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229706/; classtype:trojan-activity;sid:84092806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229705/; classtype:trojan-activity;sid:84092805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.13.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229704/; classtype:trojan-activity;sid:84092804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.47.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229703/; classtype:trojan-activity;sid:84092803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.94.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229702/; classtype:trojan-activity;sid:84092802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.75.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229701/; classtype:trojan-activity;sid:84092801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229700/; classtype:trojan-activity;sid:84092800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229694/; classtype:trojan-activity;sid:84092794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229695/; classtype:trojan-activity;sid:84092795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229696/; classtype:trojan-activity;sid:84092796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229697/; classtype:trojan-activity;sid:84092797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229698/; classtype:trojan-activity;sid:84092798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0873764dfe24e959/nss3.dll"; depth:26; endswith; nocase; http.host; content:"91.211.249.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229699/; classtype:trojan-activity;sid:84092799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.0.109.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229693/; classtype:trojan-activity;sid:84092793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.202.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229692/; classtype:trojan-activity;sid:84092792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.110.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229691/; classtype:trojan-activity;sid:84092791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.245.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229690/; classtype:trojan-activity;sid:84092790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn5.zip"; depth:20; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229689/; classtype:trojan-activity;sid:84092789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/v%d0%b5rus.zip"; depth:19; endswith; nocase; http.host; content:"veruscheats.space"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229688/; classtype:trojan-activity;sid:84092788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn1.zip"; depth:20; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229686/; classtype:trojan-activity;sid:84092786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn2.zip"; depth:20; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229687/; classtype:trojan-activity;sid:84092787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb2.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229685/; classtype:trojan-activity;sid:84092785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn4.zip"; depth:20; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229684/; classtype:trojan-activity;sid:84092784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb5.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229676/; classtype:trojan-activity;sid:84092776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb4.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229677/; classtype:trojan-activity;sid:84092777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb1.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229678/; classtype:trojan-activity;sid:84092778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb7.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229679/; classtype:trojan-activity;sid:84092779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb6.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229680/; classtype:trojan-activity;sid:84092780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb8.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229681/; classtype:trojan-activity;sid:84092781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb3.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229682/; classtype:trojan-activity;sid:84092782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb9.txt"; depth:18; endswith; nocase; http.host; content:"annoyingfiler.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229683/; classtype:trojan-activity;sid:84092783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64.exe"; depth:10; endswith; nocase; http.host; content:"122.51.105.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229675/; classtype:trojan-activity;sid:84092775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229674/; classtype:trojan-activity;sid:84092774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bitrix/templates/main/js/jquery-3.6.0.min.js"; depth:45; endswith; nocase; http.host; content:"otboiniki-dlia-sten.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229673/; classtype:trojan-activity;sid:84092773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apas.exe.exe"; depth:13; endswith; nocase; http.host; content:"159.65.193.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229672/; classtype:trojan-activity;sid:84092772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/food.exe.exe"; depth:13; endswith; nocase; http.host; content:"159.65.193.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229670/; classtype:trojan-activity;sid:84092770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fud.exe"; depth:8; endswith; nocase; http.host; content:"159.65.193.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229671/; classtype:trojan-activity;sid:84092771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foot.exe"; depth:9; endswith; nocase; http.host; content:"159.65.193.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229669/; classtype:trojan-activity;sid:84092769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.215.113.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229665/; classtype:trojan-activity;sid:84092765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"45.95.169.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229666/; classtype:trojan-activity;sid:84092766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.95.169.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229667/; classtype:trojan-activity;sid:84092767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mark/def.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229668/; classtype:trojan-activity;sid:84092768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.106.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229664/; classtype:trojan-activity;sid:84092764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.8.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229663/; classtype:trojan-activity;sid:84092763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.17.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229662/; classtype:trojan-activity;sid:84092762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.126.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229661/; classtype:trojan-activity;sid:84092761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.45.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229658/; classtype:trojan-activity;sid:84092758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.54.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229659/; classtype:trojan-activity;sid:84092759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.220.154.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229660/; classtype:trojan-activity;sid:84092760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.143.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229657/; classtype:trojan-activity;sid:84092757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229656/; classtype:trojan-activity;sid:84092756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229655/; classtype:trojan-activity;sid:84092755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.137.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229654/; classtype:trojan-activity;sid:84092754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.157.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229653/; classtype:trojan-activity;sid:84092753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.22.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229652/; classtype:trojan-activity;sid:84092752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/pfgus7q55f0at0lqsy7mj/cosmical_setup.dmg|3f|rlkey=pgiyz9hq7iim9vrend86axxp0|7c|26|7c|st=81aigdmg|7c|26|7c|dl=1"; depth:118; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229651/; classtype:trojan-activity;sid:84092751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229650/; classtype:trojan-activity;sid:84092750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229649/; classtype:trojan-activity;sid:84092749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.25.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229648/; classtype:trojan-activity;sid:84092748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.174.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229646/; classtype:trojan-activity;sid:84092746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"96.84.204.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229647/; classtype:trojan-activity;sid:84092747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.147.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229645/; classtype:trojan-activity;sid:84092745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.21.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229644/; classtype:trojan-activity;sid:84092744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.123.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229643/; classtype:trojan-activity;sid:84092743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.106.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229642/; classtype:trojan-activity;sid:84092742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.58.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229641/; classtype:trojan-activity;sid:84092741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.102.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229640/; classtype:trojan-activity;sid:84092740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.75.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229639/; classtype:trojan-activity;sid:84092739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229638/; classtype:trojan-activity;sid:84092738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.130.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229637/; classtype:trojan-activity;sid:84092737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.185.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229636/; classtype:trojan-activity;sid:84092736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.93.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229635/; classtype:trojan-activity;sid:84092735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.117.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229634/; classtype:trojan-activity;sid:84092734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.54.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229633/; classtype:trojan-activity;sid:84092733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parthmodi152/web3-coding-challenge/zip/refs/heads/main"; depth:55; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229632/; classtype:trojan-activity;sid:84092732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; depth:46; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.165.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229630/; classtype:trojan-activity;sid:84092730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.45.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229629/; classtype:trojan-activity;sid:84092729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.118.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229628/; classtype:trojan-activity;sid:84092728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.208.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229627/; classtype:trojan-activity;sid:84092727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.224.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229626/; classtype:trojan-activity;sid:84092726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.127.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229625/; classtype:trojan-activity;sid:84092725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.27.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229624/; classtype:trojan-activity;sid:84092724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.92.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229623/; classtype:trojan-activity;sid:84092723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.0.109.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229622/; classtype:trojan-activity;sid:84092722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229620/; classtype:trojan-activity;sid:84092720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.87.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229621/; classtype:trojan-activity;sid:84092721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.110.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229619/; classtype:trojan-activity;sid:84092719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.107.115.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229618/; classtype:trojan-activity;sid:84092718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.185.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229617/; classtype:trojan-activity;sid:84092717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.247.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229616/; classtype:trojan-activity;sid:84092716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229613/; classtype:trojan-activity;sid:84092713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.81.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229614/; classtype:trojan-activity;sid:84092714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.16.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229615/; classtype:trojan-activity;sid:84092715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.46.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229612/; classtype:trojan-activity;sid:84092712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.43.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229611/; classtype:trojan-activity;sid:84092711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.66.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229610/; classtype:trojan-activity;sid:84092710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.239.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229609/; classtype:trojan-activity;sid:84092709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.130.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229608/; classtype:trojan-activity;sid:84092708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.125.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229606/; classtype:trojan-activity;sid:84092706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.227.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229607/; classtype:trojan-activity;sid:84092707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.235.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229604/; classtype:trojan-activity;sid:84092704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.8.217"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229605/; classtype:trojan-activity;sid:84092705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.28.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229602/; classtype:trojan-activity;sid:84092702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.186.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229603/; classtype:trojan-activity;sid:84092703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.123.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229601/; classtype:trojan-activity;sid:84092701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.69.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229600/; classtype:trojan-activity;sid:84092700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.93.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229599/; classtype:trojan-activity;sid:84092699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.208.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229598/; classtype:trojan-activity;sid:84092698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229597/; classtype:trojan-activity;sid:84092697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.157.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229596/; classtype:trojan-activity;sid:84092696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.130.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229595/; classtype:trojan-activity;sid:84092695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.90.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229594/; classtype:trojan-activity;sid:84092694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.28.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229593/; classtype:trojan-activity;sid:84092693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.220.154.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229592/; classtype:trojan-activity;sid:84092692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229591/; classtype:trojan-activity;sid:84092691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.137.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229590/; classtype:trojan-activity;sid:84092690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.26.84.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229589/; classtype:trojan-activity;sid:84092689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.214.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229588/; classtype:trojan-activity;sid:84092688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.249.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229585/; classtype:trojan-activity;sid:84092685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.126.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229586/; classtype:trojan-activity;sid:84092686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.10.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229587/; classtype:trojan-activity;sid:84092687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.176.223.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229584/; classtype:trojan-activity;sid:84092684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.204.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229583/; classtype:trojan-activity;sid:84092683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229582/; classtype:trojan-activity;sid:84092682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.14.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229581/; classtype:trojan-activity;sid:84092681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.75.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229580/; classtype:trojan-activity;sid:84092680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.26.84.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229579/; classtype:trojan-activity;sid:84092679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.117.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229578/; classtype:trojan-activity;sid:84092678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.30.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229577/; classtype:trojan-activity;sid:84092677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.171.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229575/; classtype:trojan-activity;sid:84092675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.113.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229576/; classtype:trojan-activity;sid:84092676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.182.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229574/; classtype:trojan-activity;sid:84092674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.162.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229573/; classtype:trojan-activity;sid:84092673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.164.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229572/; classtype:trojan-activity;sid:84092672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.87.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229571/; classtype:trojan-activity;sid:84092671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.69.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229570/; classtype:trojan-activity;sid:84092670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.208.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229569/; classtype:trojan-activity;sid:84092669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229568/; classtype:trojan-activity;sid:84092668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.157.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229567/; classtype:trojan-activity;sid:84092667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.238.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229566/; classtype:trojan-activity;sid:84092666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229565/; classtype:trojan-activity;sid:84092665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.115.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229563/; classtype:trojan-activity;sid:84092663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.106.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229564/; classtype:trojan-activity;sid:84092664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229562/; classtype:trojan-activity;sid:84092662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.32.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229561/; classtype:trojan-activity;sid:84092661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.90.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229560/; classtype:trojan-activity;sid:84092660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.140.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229559/; classtype:trojan-activity;sid:84092659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.26.84.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229558/; classtype:trojan-activity;sid:84092658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.28.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229557/; classtype:trojan-activity;sid:84092657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.249.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229556/; classtype:trojan-activity;sid:84092656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.30.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229555/; classtype:trojan-activity;sid:84092655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.84.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229554/; classtype:trojan-activity;sid:84092654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.176.223.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229553/; classtype:trojan-activity;sid:84092653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.91.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229552/; classtype:trojan-activity;sid:84092652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.202.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229551/; classtype:trojan-activity;sid:84092651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.118.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229550/; classtype:trojan-activity;sid:84092650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.96.129.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229549/; classtype:trojan-activity;sid:84092649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.72.164.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229548/; classtype:trojan-activity;sid:84092648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229547/; classtype:trojan-activity;sid:84092647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.117.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229546/; classtype:trojan-activity;sid:84092646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.148.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229545/; classtype:trojan-activity;sid:84092645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.129.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229544/; classtype:trojan-activity;sid:84092644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.185.171.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229543/; classtype:trojan-activity;sid:84092643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.39.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229541/; classtype:trojan-activity;sid:84092641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.69.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229542/; classtype:trojan-activity;sid:84092642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229540/; classtype:trojan-activity;sid:84092640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.113.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229539/; classtype:trojan-activity;sid:84092639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.91.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229538/; classtype:trojan-activity;sid:84092638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.34.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229537/; classtype:trojan-activity;sid:84092637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.18.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229536/; classtype:trojan-activity;sid:84092636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.1.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229535/; classtype:trojan-activity;sid:84092635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229534/; classtype:trojan-activity;sid:84092634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.157.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229533/; classtype:trojan-activity;sid:84092633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.175.66.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229532/; classtype:trojan-activity;sid:84092632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.32.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229531/; classtype:trojan-activity;sid:84092631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.71.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229530/; classtype:trojan-activity;sid:84092630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.94.193.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229529/; classtype:trojan-activity;sid:84092629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.175.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229528/; classtype:trojan-activity;sid:84092628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229527/; classtype:trojan-activity;sid:84092627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.197.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229526/; classtype:trojan-activity;sid:84092626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229525/; classtype:trojan-activity;sid:84092625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.82.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229524/; classtype:trojan-activity;sid:84092624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.99.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229523/; classtype:trojan-activity;sid:84092623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.81.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229522/; classtype:trojan-activity;sid:84092622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.252.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229521/; classtype:trojan-activity;sid:84092621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.97.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229520/; classtype:trojan-activity;sid:84092620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.87.115"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229519/; classtype:trojan-activity;sid:84092619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229518/; classtype:trojan-activity;sid:84092618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.13.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229517/; classtype:trojan-activity;sid:84092617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.220.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229516/; classtype:trojan-activity;sid:84092616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229515/; classtype:trojan-activity;sid:84092615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.61.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229514/; classtype:trojan-activity;sid:84092614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.162.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229513/; classtype:trojan-activity;sid:84092613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.95.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229512/; classtype:trojan-activity;sid:84092612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.157.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229511/; classtype:trojan-activity;sid:84092611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.239.227.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229510/; classtype:trojan-activity;sid:84092610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.59.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229509/; classtype:trojan-activity;sid:84092609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.54.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229508/; classtype:trojan-activity;sid:84092608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.172.214.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229507/; classtype:trojan-activity;sid:84092607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.1.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229506/; classtype:trojan-activity;sid:84092606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.94.193.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229505/; classtype:trojan-activity;sid:84092605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.237.33.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229504/; classtype:trojan-activity;sid:84092604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.25.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229503/; classtype:trojan-activity;sid:84092603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.97.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229502/; classtype:trojan-activity;sid:84092602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.3.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229501/; classtype:trojan-activity;sid:84092601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.34.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229500/; classtype:trojan-activity;sid:84092600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.71.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229499/; classtype:trojan-activity;sid:84092599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.150.119.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229498/; classtype:trojan-activity;sid:84092598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.224.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229497/; classtype:trojan-activity;sid:84092597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.120.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229496/; classtype:trojan-activity;sid:84092596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229495/; classtype:trojan-activity;sid:84092595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229494/; classtype:trojan-activity;sid:84092594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229493/; classtype:trojan-activity;sid:84092593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.82.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229492/; classtype:trojan-activity;sid:84092592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.124.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229491/; classtype:trojan-activity;sid:84092591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.232.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229490/; classtype:trojan-activity;sid:84092590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.19.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229489/; classtype:trojan-activity;sid:84092589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.130.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229488/; classtype:trojan-activity;sid:84092588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.242.166.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229487/; classtype:trojan-activity;sid:84092587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.233.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229486/; classtype:trojan-activity;sid:84092586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.61.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229485/; classtype:trojan-activity;sid:84092585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.157.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229484/; classtype:trojan-activity;sid:84092584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.238.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229483/; classtype:trojan-activity;sid:84092583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.217.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229482/; classtype:trojan-activity;sid:84092582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.230.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229481/; classtype:trojan-activity;sid:84092581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.58.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229480/; classtype:trojan-activity;sid:84092580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.25.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229479/; classtype:trojan-activity;sid:84092579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.127.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229478/; classtype:trojan-activity;sid:84092578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.37.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229477/; classtype:trojan-activity;sid:84092577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.82.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229476/; classtype:trojan-activity;sid:84092576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.69.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229475/; classtype:trojan-activity;sid:84092575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.172.214.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229474/; classtype:trojan-activity;sid:84092574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.71.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229473/; classtype:trojan-activity;sid:84092573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.54.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229472/; classtype:trojan-activity;sid:84092572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.232.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229471/; classtype:trojan-activity;sid:84092571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.24.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229470/; classtype:trojan-activity;sid:84092570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.73.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229469/; classtype:trojan-activity;sid:84092569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.46.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229468/; classtype:trojan-activity;sid:84092568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.187.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229467/; classtype:trojan-activity;sid:84092567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.166.214.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229465/; classtype:trojan-activity;sid:84092565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229466/; classtype:trojan-activity;sid:84092566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229464/; classtype:trojan-activity;sid:84092564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.242.166.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229463/; classtype:trojan-activity;sid:84092563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vre"; depth:4; endswith; nocase; http.host; content:"194.5.98.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229462/; classtype:trojan-activity;sid:84092562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.111.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229461/; classtype:trojan-activity;sid:84092561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229460/; classtype:trojan-activity;sid:84092560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.50.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229458/; classtype:trojan-activity;sid:84092558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.89.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229459/; classtype:trojan-activity;sid:84092559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.190.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229455/; classtype:trojan-activity;sid:84092555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.251.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229456/; classtype:trojan-activity;sid:84092556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.31.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229457/; classtype:trojan-activity;sid:84092557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.217.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229454/; classtype:trojan-activity;sid:84092554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.179.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229453/; classtype:trojan-activity;sid:84092553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.225.51.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229452/; classtype:trojan-activity;sid:84092552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.50.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229451/; classtype:trojan-activity;sid:84092551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229450/; classtype:trojan-activity;sid:84092550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.33.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229449/; classtype:trojan-activity;sid:84092549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.167.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229448/; classtype:trojan-activity;sid:84092548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.82.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229447/; classtype:trojan-activity;sid:84092547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.248.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229446/; classtype:trojan-activity;sid:84092546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229445/; classtype:trojan-activity;sid:84092545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.251.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229444/; classtype:trojan-activity;sid:84092544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229443/; classtype:trojan-activity;sid:84092543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.85.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229442/; classtype:trojan-activity;sid:84092542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.82.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229441/; classtype:trojan-activity;sid:84092541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.12.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229440/; classtype:trojan-activity;sid:84092540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.231.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229439/; classtype:trojan-activity;sid:84092539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.71.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229438/; classtype:trojan-activity;sid:84092538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229437/; classtype:trojan-activity;sid:84092537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.166.214.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229435/; classtype:trojan-activity;sid:84092535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.45.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229436/; classtype:trojan-activity;sid:84092536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.31.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229432/; classtype:trojan-activity;sid:84092532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.94.31.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229433/; classtype:trojan-activity;sid:84092533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.11.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229434/; classtype:trojan-activity;sid:84092534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.87.115"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229431/; classtype:trojan-activity;sid:84092531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.89.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229430/; classtype:trojan-activity;sid:84092530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.187.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229429/; classtype:trojan-activity;sid:84092529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.225.51.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229428/; classtype:trojan-activity;sid:84092528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.m68k"; depth:15; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229427/; classtype:trojan-activity;sid:84092527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm6"; depth:15; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229425/; classtype:trojan-activity;sid:84092525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.sh4"; depth:14; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229426/; classtype:trojan-activity;sid:84092526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.ppc"; depth:14; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229422/; classtype:trojan-activity;sid:84092522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.mips"; depth:15; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229423/; classtype:trojan-activity;sid:84092523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm5"; depth:15; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229424/; classtype:trojan-activity;sid:84092524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229418/; classtype:trojan-activity;sid:84092518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm"; depth:14; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229419/; classtype:trojan-activity;sid:84092519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.spc"; depth:14; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229420/; classtype:trojan-activity;sid:84092520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm7"; depth:15; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229421/; classtype:trojan-activity;sid:84092521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.14.111"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229417/; classtype:trojan-activity;sid:84092517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229416/; classtype:trojan-activity;sid:84092516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.58.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229415/; classtype:trojan-activity;sid:84092515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229413/; classtype:trojan-activity;sid:84092513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.101.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229414/; classtype:trojan-activity;sid:84092514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229412/; classtype:trojan-activity;sid:84092512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.85.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229411/; classtype:trojan-activity;sid:84092511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.208.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229410/; classtype:trojan-activity;sid:84092510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229409/; classtype:trojan-activity;sid:84092509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229408/; classtype:trojan-activity;sid:84092508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.69.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229407/; classtype:trojan-activity;sid:84092507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.196.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229406/; classtype:trojan-activity;sid:84092506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.78.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229405/; classtype:trojan-activity;sid:84092505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.84.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229404/; classtype:trojan-activity;sid:84092504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.12.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229402/; classtype:trojan-activity;sid:84092502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229403/; classtype:trojan-activity;sid:84092503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.160.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229401/; classtype:trojan-activity;sid:84092501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.80.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229400/; classtype:trojan-activity;sid:84092500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.101.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229399/; classtype:trojan-activity;sid:84092499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.167.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229398/; classtype:trojan-activity;sid:84092498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.96.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229397/; classtype:trojan-activity;sid:84092497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.240.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229396/; classtype:trojan-activity;sid:84092496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.101.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229395/; classtype:trojan-activity;sid:84092495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.233.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229394/; classtype:trojan-activity;sid:84092494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229393/; classtype:trojan-activity;sid:84092493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.219.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229392/; classtype:trojan-activity;sid:84092492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229391/; classtype:trojan-activity;sid:84092491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.244.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229390/; classtype:trojan-activity;sid:84092490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229388/; classtype:trojan-activity;sid:84092488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.21.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229389/; classtype:trojan-activity;sid:84092489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229387/; classtype:trojan-activity;sid:84092487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.14.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229385/; classtype:trojan-activity;sid:84092485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229386/; classtype:trojan-activity;sid:84092486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.183.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229384/; classtype:trojan-activity;sid:84092484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.149.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229383/; classtype:trojan-activity;sid:84092483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229382/; classtype:trojan-activity;sid:84092482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.222.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229381/; classtype:trojan-activity;sid:84092481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.99.203"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229379/; classtype:trojan-activity;sid:84092479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.59.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229380/; classtype:trojan-activity;sid:84092480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.84.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229378/; classtype:trojan-activity;sid:84092478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.166.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229377/; classtype:trojan-activity;sid:84092477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229376/; classtype:trojan-activity;sid:84092476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229374/; classtype:trojan-activity;sid:84092474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.196.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229375/; classtype:trojan-activity;sid:84092475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229373/; classtype:trojan-activity;sid:84092473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.127.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229372/; classtype:trojan-activity;sid:84092472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.163.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229371/; classtype:trojan-activity;sid:84092471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229370/; classtype:trojan-activity;sid:84092470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.11.83"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229369/; classtype:trojan-activity;sid:84092469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.85.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229368/; classtype:trojan-activity;sid:84092468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.9.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229367/; classtype:trojan-activity;sid:84092467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229366/; classtype:trojan-activity;sid:84092466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.242.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229364/; classtype:trojan-activity;sid:84092464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.176.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229365/; classtype:trojan-activity;sid:84092465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229363/; classtype:trojan-activity;sid:84092463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.237.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229361/; classtype:trojan-activity;sid:84092461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.77.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229362/; classtype:trojan-activity;sid:84092462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.41.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229360/; classtype:trojan-activity;sid:84092460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.30.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229359/; classtype:trojan-activity;sid:84092459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.135.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229358/; classtype:trojan-activity;sid:84092458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.112.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229357/; classtype:trojan-activity;sid:84092457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.38.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229355/; classtype:trojan-activity;sid:84092455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.187.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229356/; classtype:trojan-activity;sid:84092456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229354/; classtype:trojan-activity;sid:84092454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.187.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229353/; classtype:trojan-activity;sid:84092453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229352/; classtype:trojan-activity;sid:84092452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.187.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229351/; classtype:trojan-activity;sid:84092451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229350/; classtype:trojan-activity;sid:84092450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.222.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229349/; classtype:trojan-activity;sid:84092449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.78.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229348/; classtype:trojan-activity;sid:84092448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.14.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229347/; classtype:trojan-activity;sid:84092447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229346/; classtype:trojan-activity;sid:84092446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.99.203"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229345/; classtype:trojan-activity;sid:84092445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.233.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229344/; classtype:trojan-activity;sid:84092444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229343/; classtype:trojan-activity;sid:84092443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.130.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229342/; classtype:trojan-activity;sid:84092442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.166.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229341/; classtype:trojan-activity;sid:84092441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.85.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229340/; classtype:trojan-activity;sid:84092440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.17.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229339/; classtype:trojan-activity;sid:84092439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229338/; classtype:trojan-activity;sid:84092438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.149.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229337/; classtype:trojan-activity;sid:84092437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.251.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229336/; classtype:trojan-activity;sid:84092436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.29.60.47"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229335/; classtype:trojan-activity;sid:84092435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.177.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229334/; classtype:trojan-activity;sid:84092434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.167.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229333/; classtype:trojan-activity;sid:84092433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.174.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229332/; classtype:trojan-activity;sid:84092432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.83.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229331/; classtype:trojan-activity;sid:84092431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.38.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229330/; classtype:trojan-activity;sid:84092430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229329/; classtype:trojan-activity;sid:84092429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.120.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229327/; classtype:trojan-activity;sid:84092427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.11.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229328/; classtype:trojan-activity;sid:84092428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.36.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229326/; classtype:trojan-activity;sid:84092426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229325/; classtype:trojan-activity;sid:84092425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.85.33.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229322/; classtype:trojan-activity;sid:84092422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.198.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229323/; classtype:trojan-activity;sid:84092423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.242.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229324/; classtype:trojan-activity;sid:84092424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.30.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229321/; classtype:trojan-activity;sid:84092421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.10.180.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229320/; classtype:trojan-activity;sid:84092420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229319/; classtype:trojan-activity;sid:84092419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.163.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229318/; classtype:trojan-activity;sid:84092418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.252.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229317/; classtype:trojan-activity;sid:84092417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229316/; classtype:trojan-activity;sid:84092416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.142.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229315/; classtype:trojan-activity;sid:84092415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.217.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229313/; classtype:trojan-activity;sid:84092413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.75.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229314/; classtype:trojan-activity;sid:84092414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.246.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229311/; classtype:trojan-activity;sid:84092411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.41.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229312/; classtype:trojan-activity;sid:84092412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.44.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229310/; classtype:trojan-activity;sid:84092410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.x86"; depth:14; endswith; nocase; http.host; content:"107.175.31.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229309/; classtype:trojan-activity;sid:84092409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.223.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229308/; classtype:trojan-activity;sid:84092408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.182.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229307/; classtype:trojan-activity;sid:84092407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.78.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229306/; classtype:trojan-activity;sid:84092406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.103.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229305/; classtype:trojan-activity;sid:84092405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.29.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229304/; classtype:trojan-activity;sid:84092404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229303/; classtype:trojan-activity;sid:84092403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.100.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229302/; classtype:trojan-activity;sid:84092402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.91.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229301/; classtype:trojan-activity;sid:84092401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.253.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229300/; classtype:trojan-activity;sid:84092400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malesa/66fa7e7373674_4.exe"; depth:27; endswith; nocase; http.host; content:"kale.amwebsolution.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229299/; classtype:trojan-activity;sid:84092399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.17.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229298/; classtype:trojan-activity;sid:84092398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.174.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229297/; classtype:trojan-activity;sid:84092397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229296/; classtype:trojan-activity;sid:84092396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.128.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229295/; classtype:trojan-activity;sid:84092395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.35.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229294/; classtype:trojan-activity;sid:84092394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.76.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229293/; classtype:trojan-activity;sid:84092393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.11.83"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229292/; classtype:trojan-activity;sid:84092392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.62.214.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229290/; classtype:trojan-activity;sid:84092390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.167.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229291/; classtype:trojan-activity;sid:84092391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.10.180.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229289/; classtype:trojan-activity;sid:84092389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.13.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229288/; classtype:trojan-activity;sid:84092388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229287/; classtype:trojan-activity;sid:84092387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.88.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229286/; classtype:trojan-activity;sid:84092386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.217.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229285/; classtype:trojan-activity;sid:84092385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.198.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229283/; classtype:trojan-activity;sid:84092383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.75.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229284/; classtype:trojan-activity;sid:84092384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.78.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229282/; classtype:trojan-activity;sid:84092382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.100.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229280/; classtype:trojan-activity;sid:84092380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.91.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229281/; classtype:trojan-activity;sid:84092381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.236.65.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229279/; classtype:trojan-activity;sid:84092379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.253.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229278/; classtype:trojan-activity;sid:84092378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.233.170.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229277/; classtype:trojan-activity;sid:84092377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229276/; classtype:trojan-activity;sid:84092376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.123.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229274/; classtype:trojan-activity;sid:84092374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.80.4"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229275/; classtype:trojan-activity;sid:84092375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.168.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229273/; classtype:trojan-activity;sid:84092373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.13.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229272/; classtype:trojan-activity;sid:84092372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.29.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229271/; classtype:trojan-activity;sid:84092371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.22.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229270/; classtype:trojan-activity;sid:84092370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.232.13.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229269/; classtype:trojan-activity;sid:84092369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.107.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229268/; classtype:trojan-activity;sid:84092368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229267/; classtype:trojan-activity;sid:84092367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.196.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229266/; classtype:trojan-activity;sid:84092366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.128.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229265/; classtype:trojan-activity;sid:84092365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.183.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229264/; classtype:trojan-activity;sid:84092364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.134.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229263/; classtype:trojan-activity;sid:84092363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.120.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229261/; classtype:trojan-activity;sid:84092361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.119.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229262/; classtype:trojan-activity;sid:84092362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.62.214.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229260/; classtype:trojan-activity;sid:84092360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.53.34.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229259/; classtype:trojan-activity;sid:84092359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.27.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229258/; classtype:trojan-activity;sid:84092358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.87.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229257/; classtype:trojan-activity;sid:84092357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.22.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229256/; classtype:trojan-activity;sid:84092356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.123.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229255/; classtype:trojan-activity;sid:84092355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.162.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229254/; classtype:trojan-activity;sid:84092354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.199.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229252/; classtype:trojan-activity;sid:84092352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.93.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229253/; classtype:trojan-activity;sid:84092353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229251/; classtype:trojan-activity;sid:84092351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.76.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229250/; classtype:trojan-activity;sid:84092350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.13.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229249/; classtype:trojan-activity;sid:84092349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb3.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229244/; classtype:trojan-activity;sid:84092344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb4.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229245/; classtype:trojan-activity;sid:84092345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb1.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229246/; classtype:trojan-activity;sid:84092346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb2.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229247/; classtype:trojan-activity;sid:84092347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.238.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229248/; classtype:trojan-activity;sid:84092348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb9.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229239/; classtype:trojan-activity;sid:84092339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb5.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229240/; classtype:trojan-activity;sid:84092340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb6.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229241/; classtype:trojan-activity;sid:84092341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb8.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229242/; classtype:trojan-activity;sid:84092342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb7.txt"; depth:18; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229243/; classtype:trojan-activity;sid:84092343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn1.zip"; depth:20; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229238/; classtype:trojan-activity;sid:84092338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229237/; classtype:trojan-activity;sid:84092337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn1.zip"; depth:20; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229235/; classtype:trojan-activity;sid:84092335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn2.zip"; depth:20; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229236/; classtype:trojan-activity;sid:84092336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn2.zip"; depth:20; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229234/; classtype:trojan-activity;sid:84092334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn5.zip"; depth:20; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229233/; classtype:trojan-activity;sid:84092333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn5.zip"; depth:20; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229232/; classtype:trojan-activity;sid:84092332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn4.zip"; depth:20; endswith; nocase; http.host; content:"jokingnations.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229231/; classtype:trojan-activity;sid:84092331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.44.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229230/; classtype:trojan-activity;sid:84092330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn4.zip"; depth:20; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229229/; classtype:trojan-activity;sid:84092329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb2.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229228/; classtype:trojan-activity;sid:84092328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb1.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229220/; classtype:trojan-activity;sid:84092320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb9.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229221/; classtype:trojan-activity;sid:84092321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb6.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229222/; classtype:trojan-activity;sid:84092322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb7.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229223/; classtype:trojan-activity;sid:84092323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb8.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229224/; classtype:trojan-activity;sid:84092324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb3.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229225/; classtype:trojan-activity;sid:84092325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb5.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229226/; classtype:trojan-activity;sid:84092326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb4.txt"; depth:18; endswith; nocase; http.host; content:"pleasegetthisfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229227/; classtype:trojan-activity;sid:84092327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.251.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229219/; classtype:trojan-activity;sid:84092319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.142.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229217/; classtype:trojan-activity;sid:84092317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.188.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229218/; classtype:trojan-activity;sid:84092318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn2.zip"; depth:20; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229216/; classtype:trojan-activity;sid:84092316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn1.zip"; depth:20; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229215/; classtype:trojan-activity;sid:84092315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn5.zip"; depth:20; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229214/; classtype:trojan-activity;sid:84092314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb2.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229212/; classtype:trojan-activity;sid:84092312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kbsn4.zip"; depth:20; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229213/; classtype:trojan-activity;sid:84092313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb1.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229204/; classtype:trojan-activity;sid:84092304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb5.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229205/; classtype:trojan-activity;sid:84092305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb4.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229206/; classtype:trojan-activity;sid:84092306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb8.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229207/; classtype:trojan-activity;sid:84092307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb7.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229208/; classtype:trojan-activity;sid:84092308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb6.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229209/; classtype:trojan-activity;sid:84092309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb3.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229210/; classtype:trojan-activity;sid:84092310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requested/kb9.txt"; depth:18; endswith; nocase; http.host; content:"apocalypsedoer.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229211/; classtype:trojan-activity;sid:84092311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.160.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229203/; classtype:trojan-activity;sid:84092303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.14.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229202/; classtype:trojan-activity;sid:84092302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229201/; classtype:trojan-activity;sid:84092301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.127.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229200/; classtype:trojan-activity;sid:84092300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.152.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229199/; classtype:trojan-activity;sid:84092299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.191.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229198/; classtype:trojan-activity;sid:84092298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.31.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229197/; classtype:trojan-activity;sid:84092297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229196/; classtype:trojan-activity;sid:84092296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.75.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229195/; classtype:trojan-activity;sid:84092295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.28.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229192/; classtype:trojan-activity;sid:84092292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.222.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229193/; classtype:trojan-activity;sid:84092293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.99.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229194/; classtype:trojan-activity;sid:84092294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.2.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229191/; classtype:trojan-activity;sid:84092291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.27.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229190/; classtype:trojan-activity;sid:84092290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.33.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229189/; classtype:trojan-activity;sid:84092289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.167.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229187/; classtype:trojan-activity;sid:84092287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229188/; classtype:trojan-activity;sid:84092288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.84.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229185/; classtype:trojan-activity;sid:84092285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.38.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229186/; classtype:trojan-activity;sid:84092286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.243.152.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229184/; classtype:trojan-activity;sid:84092284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.118.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229182/; classtype:trojan-activity;sid:84092282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.8.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229183/; classtype:trojan-activity;sid:84092283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229177/; classtype:trojan-activity;sid:84092277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229178/; classtype:trojan-activity;sid:84092278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229179/; classtype:trojan-activity;sid:84092279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229180/; classtype:trojan-activity;sid:84092280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229181/; classtype:trojan-activity;sid:84092281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229174/; classtype:trojan-activity;sid:84092274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229175/; classtype:trojan-activity;sid:84092275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.226.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229176/; classtype:trojan-activity;sid:84092276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229173/; classtype:trojan-activity;sid:84092273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.58.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229172/; classtype:trojan-activity;sid:84092272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.13.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229171/; classtype:trojan-activity;sid:84092271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.162.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229170/; classtype:trojan-activity;sid:84092270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.8.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229169/; classtype:trojan-activity;sid:84092269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.235.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229168/; classtype:trojan-activity;sid:84092268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.128.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229167/; classtype:trojan-activity;sid:84092267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.161.11.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229164/; classtype:trojan-activity;sid:84092264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.25.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229165/; classtype:trojan-activity;sid:84092265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.121.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229166/; classtype:trojan-activity;sid:84092266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229163/; classtype:trojan-activity;sid:84092263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.95.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229160/; classtype:trojan-activity;sid:84092260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229161/; classtype:trojan-activity;sid:84092261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.11.217"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229162/; classtype:trojan-activity;sid:84092262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.214.25.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229158/; classtype:trojan-activity;sid:84092258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.44.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229159/; classtype:trojan-activity;sid:84092259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229157/; classtype:trojan-activity;sid:84092257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.222.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229155/; classtype:trojan-activity;sid:84092255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.139.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229156/; classtype:trojan-activity;sid:84092256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.240.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229154/; classtype:trojan-activity;sid:84092254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.12.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229153/; classtype:trojan-activity;sid:84092253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.167.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229152/; classtype:trojan-activity;sid:84092252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.4.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229151/; classtype:trojan-activity;sid:84092251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.10.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229149/; classtype:trojan-activity;sid:84092249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.28.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229150/; classtype:trojan-activity;sid:84092250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"45.128.232.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229148/; classtype:trojan-activity;sid:84092248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229147/; classtype:trojan-activity;sid:84092247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.206.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229145/; classtype:trojan-activity;sid:84092245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.116.242.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229146/; classtype:trojan-activity;sid:84092246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.206.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229144/; classtype:trojan-activity;sid:84092244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.sh"; depth:7; endswith; nocase; http.host; content:"146.19.191.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229143/; classtype:trojan-activity;sid:84092243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.8.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229142/; classtype:trojan-activity;sid:84092242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229141/; classtype:trojan-activity;sid:84092241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.147.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229140/; classtype:trojan-activity;sid:84092240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.12.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229139/; classtype:trojan-activity;sid:84092239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.226.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229138/; classtype:trojan-activity;sid:84092238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.191.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229137/; classtype:trojan-activity;sid:84092237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.137.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229136/; classtype:trojan-activity;sid:84092236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.104.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229135/; classtype:trojan-activity;sid:84092235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229134/; classtype:trojan-activity;sid:84092234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.248.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229132/; classtype:trojan-activity;sid:84092232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.189.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229133/; classtype:trojan-activity;sid:84092233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.214.25.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229131/; classtype:trojan-activity;sid:84092231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.31.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229130/; classtype:trojan-activity;sid:84092230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.11.217"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229129/; classtype:trojan-activity;sid:84092229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.130.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229128/; classtype:trojan-activity;sid:84092228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.53.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229126/; classtype:trojan-activity;sid:84092226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.204.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229127/; classtype:trojan-activity;sid:84092227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.95.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229125/; classtype:trojan-activity;sid:84092225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.224.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229124/; classtype:trojan-activity;sid:84092224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.235.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229123/; classtype:trojan-activity;sid:84092223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.12.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229122/; classtype:trojan-activity;sid:84092222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.252.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229121/; classtype:trojan-activity;sid:84092221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.175.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229119/; classtype:trojan-activity;sid:84092219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.4.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229120/; classtype:trojan-activity;sid:84092220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.8.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229118/; classtype:trojan-activity;sid:84092218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.53.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229117/; classtype:trojan-activity;sid:84092217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.18.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229116/; classtype:trojan-activity;sid:84092216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229115/; classtype:trojan-activity;sid:84092215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.178.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229113/; classtype:trojan-activity;sid:84092213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.187.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229114/; classtype:trojan-activity;sid:84092214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.72.155"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229112/; classtype:trojan-activity;sid:84092212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.21.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229110/; classtype:trojan-activity;sid:84092210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229111/; classtype:trojan-activity;sid:84092211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.112.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229108/; classtype:trojan-activity;sid:84092208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.113.131.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229109/; classtype:trojan-activity;sid:84092209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.236.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229107/; classtype:trojan-activity;sid:84092207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.42.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229106/; classtype:trojan-activity;sid:84092206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.252.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229105/; classtype:trojan-activity;sid:84092205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229104/; classtype:trojan-activity;sid:84092204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.sh"; depth:7; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229102/; classtype:trojan-activity;sid:84092202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229103/; classtype:trojan-activity;sid:84092203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.44.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229100/; classtype:trojan-activity;sid:84092200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.206.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229101/; classtype:trojan-activity;sid:84092201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel.nn"; depth:10; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229099/; classtype:trojan-activity;sid:84092199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229094/; classtype:trojan-activity;sid:84092194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229095/; classtype:trojan-activity;sid:84092195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229096/; classtype:trojan-activity;sid:84092196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32.nn"; depth:10; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229097/; classtype:trojan-activity;sid:84092197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229098/; classtype:trojan-activity;sid:84092198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229090/; classtype:trojan-activity;sid:84092190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.nn"; depth:10; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229091/; classtype:trojan-activity;sid:84092191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229092/; classtype:trojan-activity;sid:84092192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"ms-email-recoveryid.line.pm"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229093/; classtype:trojan-activity;sid:84092193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.10.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229088/; classtype:trojan-activity;sid:84092188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.137.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229089/; classtype:trojan-activity;sid:84092189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229087/; classtype:trojan-activity;sid:84092187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.104.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229086/; classtype:trojan-activity;sid:84092186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.218.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229084/; classtype:trojan-activity;sid:84092184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.217.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229085/; classtype:trojan-activity;sid:84092185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.35.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229081/; classtype:trojan-activity;sid:84092181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229082/; classtype:trojan-activity;sid:84092182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.104.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229083/; classtype:trojan-activity;sid:84092183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.142.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229080/; classtype:trojan-activity;sid:84092180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.189.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229079/; classtype:trojan-activity;sid:84092179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.42.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229078/; classtype:trojan-activity;sid:84092178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.248.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229077/; classtype:trojan-activity;sid:84092177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.130.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229075/; classtype:trojan-activity;sid:84092175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.153.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229076/; classtype:trojan-activity;sid:84092176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.193.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229074/; classtype:trojan-activity;sid:84092174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.86.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229073/; classtype:trojan-activity;sid:84092173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229072/; classtype:trojan-activity;sid:84092172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.115.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229071/; classtype:trojan-activity;sid:84092171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229070/; classtype:trojan-activity;sid:84092170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.190.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229068/; classtype:trojan-activity;sid:84092168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.42.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229069/; classtype:trojan-activity;sid:84092169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.66.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229067/; classtype:trojan-activity;sid:84092167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.72.164.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229066/; classtype:trojan-activity;sid:84092166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.224.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229065/; classtype:trojan-activity;sid:84092165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229064/; classtype:trojan-activity;sid:84092164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.235.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229061/; classtype:trojan-activity;sid:84092161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.88.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229062/; classtype:trojan-activity;sid:84092162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.132.77.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229063/; classtype:trojan-activity;sid:84092163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229060/; classtype:trojan-activity;sid:84092160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.167.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229059/; classtype:trojan-activity;sid:84092159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.155.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229058/; classtype:trojan-activity;sid:84092158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.127.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229057/; classtype:trojan-activity;sid:84092157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.31.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229056/; classtype:trojan-activity;sid:84092156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.216.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229055/; classtype:trojan-activity;sid:84092155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.130.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229054/; classtype:trojan-activity;sid:84092154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.82.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229053/; classtype:trojan-activity;sid:84092153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.11.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229052/; classtype:trojan-activity;sid:84092152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.97.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229051/; classtype:trojan-activity;sid:84092151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.207.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229050/; classtype:trojan-activity;sid:84092150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.142.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229049/; classtype:trojan-activity;sid:84092149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.124.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229048/; classtype:trojan-activity;sid:84092148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.130.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229047/; classtype:trojan-activity;sid:84092147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.153.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229046/; classtype:trojan-activity;sid:84092146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.40.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229045/; classtype:trojan-activity;sid:84092145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.190.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229044/; classtype:trojan-activity;sid:84092144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.53.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229043/; classtype:trojan-activity;sid:84092143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.165.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229042/; classtype:trojan-activity;sid:84092142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.130.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229041/; classtype:trojan-activity;sid:84092141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.246.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229040/; classtype:trojan-activity;sid:84092140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229039/; classtype:trojan-activity;sid:84092139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdown"; depth:6; endswith; nocase; http.host; content:"147.124.214.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229038/; classtype:trojan-activity;sid:84092138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdown"; depth:6; endswith; nocase; http.host; content:"147.124.214.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229037/; classtype:trojan-activity;sid:84092137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdown"; depth:6; endswith; nocase; http.host; content:"147.124.214.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229036/; classtype:trojan-activity;sid:84092136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdown"; depth:6; endswith; nocase; http.host; content:"67.203.7.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229035/; classtype:trojan-activity;sid:84092135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.235.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229034/; classtype:trojan-activity;sid:84092134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.15.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229033/; classtype:trojan-activity;sid:84092133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.183.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229032/; classtype:trojan-activity;sid:84092132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.168.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229031/; classtype:trojan-activity;sid:84092131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.43.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229030/; classtype:trojan-activity;sid:84092130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.231.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229028/; classtype:trojan-activity;sid:84092128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.89.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229029/; classtype:trojan-activity;sid:84092129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.137.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229027/; classtype:trojan-activity;sid:84092127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229026/; classtype:trojan-activity;sid:84092126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.155.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229025/; classtype:trojan-activity;sid:84092125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.202.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229024/; classtype:trojan-activity;sid:84092124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.185.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229023/; classtype:trojan-activity;sid:84092123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.230.66.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229022/; classtype:trojan-activity;sid:84092122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.11.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229021/; classtype:trojan-activity;sid:84092121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.252.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229020/; classtype:trojan-activity;sid:84092120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.248.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229019/; classtype:trojan-activity;sid:84092119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229018/; classtype:trojan-activity;sid:84092118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229017/; classtype:trojan-activity;sid:84092117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.231.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229016/; classtype:trojan-activity;sid:84092116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229014/; classtype:trojan-activity;sid:84092114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.48.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229015/; classtype:trojan-activity;sid:84092115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.151.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229013/; classtype:trojan-activity;sid:84092113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdffffffff/ddddd/downloads/afagbam.txt"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229012/; classtype:trojan-activity;sid:84092112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.88.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229011/; classtype:trojan-activity;sid:84092111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.204.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229010/; classtype:trojan-activity;sid:84092110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.39.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229009/; classtype:trojan-activity;sid:84092109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/idekpfr.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229008/; classtype:trojan-activity;sid:84092108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cbkdgfi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229007/; classtype:trojan-activity;sid:84092107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ofkrids.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229006/; classtype:trojan-activity;sid:84092106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ogjankk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229004/; classtype:trojan-activity;sid:84092104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/arihpjk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229005/; classtype:trojan-activity;sid:84092105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jgikipa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229003/; classtype:trojan-activity;sid:84092103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fdhjfoi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228998/; classtype:trojan-activity;sid:84092098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/bgadiaa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228999/; classtype:trojan-activity;sid:84092099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ccsmpkn.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229000/; classtype:trojan-activity;sid:84092100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/pkfabha.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229001/; classtype:trojan-activity;sid:84092101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/pksfiff.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3229002/; classtype:trojan-activity;sid:84092102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/gafkiki.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228993/; classtype:trojan-activity;sid:84092093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/bjmnddj.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228994/; classtype:trojan-activity;sid:84092094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/discmad.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228995/; classtype:trojan-activity;sid:84092095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jimokdi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228996/; classtype:trojan-activity;sid:84092096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ommnfio.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228997/; classtype:trojan-activity;sid:84092097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/rabhibi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228988/; classtype:trojan-activity;sid:84092088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ekjddfo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228989/; classtype:trojan-activity;sid:84092089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/eaijofm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228990/; classtype:trojan-activity;sid:84092090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dakoimo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228991/; classtype:trojan-activity;sid:84092091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/hdrnmag.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228992/; classtype:trojan-activity;sid:84092092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ikdgmon.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228984/; classtype:trojan-activity;sid:84092084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/frbmedo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228985/; classtype:trojan-activity;sid:84092085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kaemorg.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228986/; classtype:trojan-activity;sid:84092086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kimjhsf.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228987/; classtype:trojan-activity;sid:84092087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mmmphkd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228983/; classtype:trojan-activity;sid:84092083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ocpfifs.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228980/; classtype:trojan-activity;sid:84092080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/oigddhk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228981/; classtype:trojan-activity;sid:84092081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dgamppp.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228982/; classtype:trojan-activity;sid:84092082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/famamac.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228978/; classtype:trojan-activity;sid:84092078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fegojdp.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228979/; classtype:trojan-activity;sid:84092079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dambfrb.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228977/; classtype:trojan-activity;sid:84092077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nkcjmik.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228976/; classtype:trojan-activity;sid:84092076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/frkdgor.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228975/; classtype:trojan-activity;sid:84092075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fbkffjm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228971/; classtype:trojan-activity;sid:84092071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/pkijfgs.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228972/; classtype:trojan-activity;sid:84092072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fegrcei.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228973/; classtype:trojan-activity;sid:84092073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jihhgig.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228974/; classtype:trojan-activity;sid:84092074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/iadpbid.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228969/; classtype:trojan-activity;sid:84092069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/bgapsia.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228970/; classtype:trojan-activity;sid:84092070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/orcdgan.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228968/; classtype:trojan-activity;sid:84092068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dgoepri.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228965/; classtype:trojan-activity;sid:84092065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jjffidk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228966/; classtype:trojan-activity;sid:84092066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fgmdmdo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228967/; classtype:trojan-activity;sid:84092067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mrgkcak.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228964/; classtype:trojan-activity;sid:84092064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mgiekad.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228962/; classtype:trojan-activity;sid:84092062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nedrepi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228963/; classtype:trojan-activity;sid:84092063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/aerisar.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228956/; classtype:trojan-activity;sid:84092056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kmmdidh.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228957/; classtype:trojan-activity;sid:84092057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/habhsfd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228958/; classtype:trojan-activity;sid:84092058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/sgckfac.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228959/; classtype:trojan-activity;sid:84092059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/hfgnprf.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228960/; classtype:trojan-activity;sid:84092060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/knsfcpm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228961/; classtype:trojan-activity;sid:84092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cifcnfn.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228948/; classtype:trojan-activity;sid:84092048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nkhiapa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228949/; classtype:trojan-activity;sid:84092049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/bofefap.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228950/; classtype:trojan-activity;sid:84092050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fbddkoh.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228951/; classtype:trojan-activity;sid:84092051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jeanafs.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228952/; classtype:trojan-activity;sid:84092052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/pnkgoka.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228953/; classtype:trojan-activity;sid:84092053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mpkkjga.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228954/; classtype:trojan-activity;sid:84092054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/eakmian.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228955/; classtype:trojan-activity;sid:84092055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/gbbgndm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228947/; classtype:trojan-activity;sid:84092047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/iimemrb.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228941/; classtype:trojan-activity;sid:84092041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jihkkig.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228942/; classtype:trojan-activity;sid:84092042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fkfjirc.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228943/; classtype:trojan-activity;sid:84092043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dagrnkh.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228944/; classtype:trojan-activity;sid:84092044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fogdhdg.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228945/; classtype:trojan-activity;sid:84092045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dsdbkfg.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228946/; classtype:trojan-activity;sid:84092046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/sirrodb.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228937/; classtype:trojan-activity;sid:84092037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kmngedd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228938/; classtype:trojan-activity;sid:84092038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mkfbddg.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228939/; classtype:trojan-activity;sid:84092039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/gaepsfd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228940/; classtype:trojan-activity;sid:84092040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kmfpgch.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228934/; classtype:trojan-activity;sid:84092034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kpdcfmd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228935/; classtype:trojan-activity;sid:84092035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/aodomdk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228936/; classtype:trojan-activity;sid:84092036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/eacmieo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228933/; classtype:trojan-activity;sid:84092033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/oediijf.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228931/; classtype:trojan-activity;sid:84092031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/bcfefhe.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228932/; classtype:trojan-activity;sid:84092032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dokrkpb.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228930/; classtype:trojan-activity;sid:84092030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/fhnkhfp.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228928/; classtype:trojan-activity;sid:84092028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ekcjkda.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228929/; classtype:trojan-activity;sid:84092029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/oafiofn.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228917/; classtype:trojan-activity;sid:84092017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cdrirop.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228918/; classtype:trojan-activity;sid:84092018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mgskkif.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228919/; classtype:trojan-activity;sid:84092019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/icopjao.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228920/; classtype:trojan-activity;sid:84092020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kcafjds.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228921/; classtype:trojan-activity;sid:84092021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/rgiiirf.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228922/; classtype:trojan-activity;sid:84092022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kgfrmdm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228923/; classtype:trojan-activity;sid:84092023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/iseggkh.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228924/; classtype:trojan-activity;sid:84092024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/krffmna.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228925/; classtype:trojan-activity;sid:84092025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/naedesd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228926/; classtype:trojan-activity;sid:84092026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/daghfkd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228927/; classtype:trojan-activity;sid:84092027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/bfhikfg.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228909/; classtype:trojan-activity;sid:84092009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kogfbib.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228910/; classtype:trojan-activity;sid:84092010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ihdganh.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228911/; classtype:trojan-activity;sid:84092011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nkmdpbn.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228912/; classtype:trojan-activity;sid:84092012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nchdmpk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228913/; classtype:trojan-activity;sid:84092013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cbmcefj.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228914/; classtype:trojan-activity;sid:84092014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cdhhabd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228915/; classtype:trojan-activity;sid:84092015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/pmnsihc.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228916/; classtype:trojan-activity;sid:84092016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/jdpggmk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228903/; classtype:trojan-activity;sid:84092003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/hnigroa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228904/; classtype:trojan-activity;sid:84092004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/hrdaiki.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228905/; classtype:trojan-activity;sid:84092005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/hpmdamj.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228906/; classtype:trojan-activity;sid:84092006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/sgihjfi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228907/; classtype:trojan-activity;sid:84092007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/andhhfo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228908/; classtype:trojan-activity;sid:84092008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ensrkgf.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228901/; classtype:trojan-activity;sid:84092001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/acohhfk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228902/; classtype:trojan-activity;sid:84092002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ifpihkd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228899/; classtype:trojan-activity;sid:84091999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/moedhpa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228900/; classtype:trojan-activity;sid:84092000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.89.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228898/; classtype:trojan-activity;sid:84091998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kfriakr.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228897/; classtype:trojan-activity;sid:84091997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/dsdciaa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228887/; classtype:trojan-activity;sid:84091987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nmfaamd.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228888/; classtype:trojan-activity;sid:84091988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nknhpgm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228889/; classtype:trojan-activity;sid:84091989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/kffhakm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228890/; classtype:trojan-activity;sid:84091990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mkpfifi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228891/; classtype:trojan-activity;sid:84091991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cajiisr.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228892/; classtype:trojan-activity;sid:84091992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/nskkigm.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228893/; classtype:trojan-activity;sid:84091993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/iaabmka.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228894/; classtype:trojan-activity;sid:84091994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/mifdkmf.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228895/; classtype:trojan-activity;sid:84091995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ofgdeib.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228896/; classtype:trojan-activity;sid:84091996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/cakemfn.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228875/; classtype:trojan-activity;sid:84091975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/iddmesa.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228876/; classtype:trojan-activity;sid:84091976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/ipmidna.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228877/; classtype:trojan-activity;sid:84091977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwfsfw/fwf/downloads/omhikck.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228878/; classtype:trojan-activity;sid:84091978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228879)";