################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2025-08-20 14:58:09 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"97.81.4.255"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607292/; classtype:trojan-activity;sid:84470392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.102.238"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607290/; classtype:trojan-activity;sid:84470390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.240.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607291/; classtype:trojan-activity;sid:84470391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"141.98.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607289/; classtype:trojan-activity;sid:84470389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607288/; classtype:trojan-activity;sid:84470388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"141.98.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607287/; classtype:trojan-activity;sid:84470387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"194.48.140.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607285/; classtype:trojan-activity;sid:84470385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"194.48.140.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607286/; classtype:trojan-activity;sid:84470386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607282/; classtype:trojan-activity;sid:84470382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607283/; classtype:trojan-activity;sid:84470383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607284/; classtype:trojan-activity;sid:84470384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607279/; classtype:trojan-activity;sid:84470379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"194.48.140.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607280/; classtype:trojan-activity;sid:84470380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607281/; classtype:trojan-activity;sid:84470381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607274/; classtype:trojan-activity;sid:84470374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607275/; classtype:trojan-activity;sid:84470375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607276/; classtype:trojan-activity;sid:84470376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607277/; classtype:trojan-activity;sid:84470377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607278/; classtype:trojan-activity;sid:84470378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607271/; classtype:trojan-activity;sid:84470371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"194.48.140.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607272/; classtype:trojan-activity;sid:84470372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607273/; classtype:trojan-activity;sid:84470373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607270/; classtype:trojan-activity;sid:84470370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607269/; classtype:trojan-activity;sid:84470369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.134.87"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607268/; classtype:trojan-activity;sid:84470368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.151"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607267/; classtype:trojan-activity;sid:84470367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.107.170.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607266/; classtype:trojan-activity;sid:84470366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.151.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607265/; classtype:trojan-activity;sid:84470365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"97.81.4.255"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607264/; classtype:trojan-activity;sid:84470364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607263/; classtype:trojan-activity;sid:84470363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.133"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607261/; classtype:trojan-activity;sid:84470361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.102.238"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607262/; classtype:trojan-activity;sid:84470362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.240.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607260/; classtype:trojan-activity;sid:84470360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.151"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607259/; classtype:trojan-activity;sid:84470359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.223.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607258/; classtype:trojan-activity;sid:84470358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.151.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607257/; classtype:trojan-activity;sid:84470357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.101.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607256/; classtype:trojan-activity;sid:84470356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.133"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607255/; classtype:trojan-activity;sid:84470355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.123.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607254/; classtype:trojan-activity;sid:84470354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.101.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607253/; classtype:trojan-activity;sid:84470353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.44.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607252/; classtype:trojan-activity;sid:84470352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.87.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607251/; classtype:trojan-activity;sid:84470351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8042875554/6rc9w1x.bat"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607250/; classtype:trojan-activity;sid:84470350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows_update_x64.exe"; depth:23; endswith; nocase; http.host; content:"146.70.113.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607247/; classtype:trojan-activity;sid:84470347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/letter_of_invitation.zip"; depth:25; endswith; nocase; http.host; content:"146.70.113.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607248/; classtype:trojan-activity;sid:84470348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x64.bin"; depth:14; endswith; nocase; http.host; content:"146.70.113.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607249/; classtype:trojan-activity;sid:84470349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabeeeeeesd/solaraexecutor/raw/refs/heads/main/solara%20v3.exe"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607246/; classtype:trojan-activity;sid:84470346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7127454373/zxr2qti.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607245/; classtype:trojan-activity;sid:84470345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.234.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607244/; classtype:trojan-activity;sid:84470344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.101.97"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607243/; classtype:trojan-activity;sid:84470343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.234.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607242/; classtype:trojan-activity;sid:84470342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.39.140"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607241/; classtype:trojan-activity;sid:84470341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.50.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607239/; classtype:trojan-activity;sid:84470339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.73.143"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607238/; classtype:trojan-activity;sid:84470338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1229664666/8ihvfh8.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607237/; classtype:trojan-activity;sid:84470337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7767269296/hppbn0z.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607236/; classtype:trojan-activity;sid:84470336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7125646839/i0q3uva.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607235/; classtype:trojan-activity;sid:84470335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1509384686/nw1jmqq.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607234/; classtype:trojan-activity;sid:84470334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6331503294/wiiwrjj.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607231/; classtype:trojan-activity;sid:84470331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7886909490/z8ot0fy.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607232/; classtype:trojan-activity;sid:84470332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/random.exe"; depth:17; endswith; nocase; http.host; content:"198.100.150.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607233/; classtype:trojan-activity;sid:84470333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/271085713/y3wxsss.exe"; depth:28; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607229/; classtype:trojan-activity;sid:84470329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5296057416/tse2e3k.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607230/; classtype:trojan-activity;sid:84470330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1509384686/sjovrne.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607223/; classtype:trojan-activity;sid:84470323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5254702106/trvb3co.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607224/; classtype:trojan-activity;sid:84470324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7610129705/jh8ta1w.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607225/; classtype:trojan-activity;sid:84470325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5638395652/yhxbbcu.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607226/; classtype:trojan-activity;sid:84470326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7453936223/rent7wg.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607227/; classtype:trojan-activity;sid:84470327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/740061926/blgj4g0.exe"; depth:28; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607228/; classtype:trojan-activity;sid:84470328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8434554557/m6xcver.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607221/; classtype:trojan-activity;sid:84470321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6361558956/qwcfbw4.exe"; depth:29; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607222/; classtype:trojan-activity;sid:84470322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.50.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607220/; classtype:trojan-activity;sid:84470320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/unique2/random.exe"; depth:25; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607219/; classtype:trojan-activity;sid:84470319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/fate/random.exe"; depth:22; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607216/; classtype:trojan-activity;sid:84470316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luma/random.exe"; depth:16; endswith; nocase; http.host; content:"213.209.150.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607217/; classtype:trojan-activity;sid:84470317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.123.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607215/; classtype:trojan-activity;sid:84470315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ops.dll"; depth:8; endswith; nocase; http.host; content:"test543aa.s3.us-east-2.amazonaws.com"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607213/; classtype:trojan-activity;sid:84470313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ops.dll"; depth:8; endswith; nocase; http.host; content:"test543aa.s3.us-east-2.amazonaws.com"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607214/; classtype:trojan-activity;sid:84470314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slo.dll"; depth:8; endswith; nocase; http.host; content:"test543aa.s3.us-east-2.amazonaws.com"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607212/; classtype:trojan-activity;sid:84470312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/base"; depth:5; endswith; nocase; http.host; content:"filehosting-6rc.pages.dev"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607210/; classtype:trojan-activity;sid:84470310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.202.99"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607209/; classtype:trojan-activity;sid:84470309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.221.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607208/; classtype:trojan-activity;sid:84470308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.228"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607207/; classtype:trojan-activity;sid:84470307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.202.99"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607206/; classtype:trojan-activity;sid:84470306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.udevmon"; depth:14; endswith; nocase; http.host; content:"top1miku.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607205/; classtype:trojan-activity;sid:84470305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/convertedfile.txt"; depth:18; endswith; nocase; http.host; content:"saftycar.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607204/; classtype:trojan-activity;sid:84470304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28/items/wp4096799-lost-in-space-wallpapers_20250617_0235/wp4096799-lost-in-space-wallpapers.jpg"; depth:97; endswith; nocase; http.host; content:"ia601607.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607203/; classtype:trojan-activity;sid:84470303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.140.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607200/; classtype:trojan-activity;sid:84470300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.175.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607199/; classtype:trojan-activity;sid:84470299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.140.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607195/; classtype:trojan-activity;sid:84470295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.113.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607184/; classtype:trojan-activity;sid:84470284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.179.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607183/; classtype:trojan-activity;sid:84470283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.179.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607181/; classtype:trojan-activity;sid:84470281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.46.29.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607180/; classtype:trojan-activity;sid:84470280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.94.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607179/; classtype:trojan-activity;sid:84470279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.10.73"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607178/; classtype:trojan-activity;sid:84470278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.113.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607177/; classtype:trojan-activity;sid:84470277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.205.30.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607176/; classtype:trojan-activity;sid:84470276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.31.191"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607175/; classtype:trojan-activity;sid:84470275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.226.111"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607173/; classtype:trojan-activity;sid:84470273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.192.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607171/; classtype:trojan-activity;sid:84470271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.223.130.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607169/; classtype:trojan-activity;sid:84470269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.124.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607170/; classtype:trojan-activity;sid:84470270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.192.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607168/; classtype:trojan-activity;sid:84470268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607167/; classtype:trojan-activity;sid:84470267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajax/pixi.min.js"; depth:17; endswith; nocase; http.host; content:"woop-bicks.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607166/; classtype:trojan-activity;sid:84470266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.124.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607165/; classtype:trojan-activity;sid:84470265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.130.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607162/; classtype:trojan-activity;sid:84470262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.147.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607155/; classtype:trojan-activity;sid:84470255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.104.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607156/; classtype:trojan-activity;sid:84470256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607157/; classtype:trojan-activity;sid:84470257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.188.208"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607158/; classtype:trojan-activity;sid:84470258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607159/; classtype:trojan-activity;sid:84470259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.224.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607160/; classtype:trojan-activity;sid:84470260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.221.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607161/; classtype:trojan-activity;sid:84470261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.232.77.86"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607152/; classtype:trojan-activity;sid:84470252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.111.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607153/; classtype:trojan-activity;sid:84470253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.19.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607151/; classtype:trojan-activity;sid:84470251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.90.120"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607150/; classtype:trojan-activity;sid:84470250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/win/communication_client/9.4/em_tlhprvcf_installer.msi"; depth:64; endswith; nocase; http.host; content:"puretraffic.itsm-us1.comodo.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607148/; classtype:trojan-activity;sid:84470248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ddospanels/2pacalypse/refs/heads/main/main.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607145/; classtype:trojan-activity;sid:84470245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.19.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607144/; classtype:trojan-activity;sid:84470244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.120"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607143/; classtype:trojan-activity;sid:84470243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.59.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607142/; classtype:trojan-activity;sid:84470242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.54.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607141/; classtype:trojan-activity;sid:84470241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607140/; classtype:trojan-activity;sid:84470240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.22.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607139/; classtype:trojan-activity;sid:84470239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.148.182"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607138/; classtype:trojan-activity;sid:84470238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.22.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607137/; classtype:trojan-activity;sid:84470237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.117.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607136/; classtype:trojan-activity;sid:84470236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.59.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607135/; classtype:trojan-activity;sid:84470235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607134/; classtype:trojan-activity;sid:84470234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.148.182"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607133/; classtype:trojan-activity;sid:84470233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.149.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607132/; classtype:trojan-activity;sid:84470232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.67.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607131/; classtype:trojan-activity;sid:84470231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.208.71"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607130/; classtype:trojan-activity;sid:84470230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.12.32"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607129/; classtype:trojan-activity;sid:84470229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607128/; classtype:trojan-activity;sid:84470228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607127/; classtype:trojan-activity;sid:84470227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.12.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607126/; classtype:trojan-activity;sid:84470226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.221.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607125/; classtype:trojan-activity;sid:84470225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.149.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607124/; classtype:trojan-activity;sid:84470224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.242.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607123/; classtype:trojan-activity;sid:84470223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.67.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607122/; classtype:trojan-activity;sid:84470222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.247.158"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607120/; classtype:trojan-activity;sid:84470220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.187.151"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607119/; classtype:trojan-activity;sid:84470219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.162.67.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607118/; classtype:trojan-activity;sid:84470218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607117/; classtype:trojan-activity;sid:84470217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607106/; classtype:trojan-activity;sid:84470206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607107/; classtype:trojan-activity;sid:84470207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607110/; classtype:trojan-activity;sid:84470210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607111/; classtype:trojan-activity;sid:84470211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607112/; classtype:trojan-activity;sid:84470212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607113/; classtype:trojan-activity;sid:84470213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607114/; classtype:trojan-activity;sid:84470214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niggamips"; depth:10; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607116/; classtype:trojan-activity;sid:84470216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607104/; classtype:trojan-activity;sid:84470204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607105/; classtype:trojan-activity;sid:84470205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"141.98.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607100/; classtype:trojan-activity;sid:84470200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.229.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607099/; classtype:trojan-activity;sid:84470199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.242.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607098/; classtype:trojan-activity;sid:84470198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.162.67.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607096/; classtype:trojan-activity;sid:84470196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.167.104.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607091/; classtype:trojan-activity;sid:84470191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"141.98.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607090/; classtype:trojan-activity;sid:84470190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.229.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607089/; classtype:trojan-activity;sid:84470189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.12.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607088/; classtype:trojan-activity;sid:84470188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.105.178"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607087/; classtype:trojan-activity;sid:84470187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.146.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607086/; classtype:trojan-activity;sid:84470186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.213.43"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607085/; classtype:trojan-activity;sid:84470185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.146.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607083/; classtype:trojan-activity;sid:84470183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.164.213.43"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607082/; classtype:trojan-activity;sid:84470182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipcam.tplink.sh"; depth:16; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607072/; classtype:trojan-activity;sid:84470172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/router.zyxel.sh"; depth:16; endswith; nocase; http.host; content:"196.251.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607071/; classtype:trojan-activity;sid:84470171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/router.zyxel.sh"; depth:16; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607070/; classtype:trojan-activity;sid:84470170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5/lm.exe"; depth:9; endswith; nocase; http.host; content:"cnr-software.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607069/; classtype:trojan-activity;sid:84470169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607066/; classtype:trojan-activity;sid:84470166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.57.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607065/; classtype:trojan-activity;sid:84470165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.109.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607064/; classtype:trojan-activity;sid:84470164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.21.133"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607063/; classtype:trojan-activity;sid:84470163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607062/; classtype:trojan-activity;sid:84470162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.242.181"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607061/; classtype:trojan-activity;sid:84470161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.208.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607060/; classtype:trojan-activity;sid:84470160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.109.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607059/; classtype:trojan-activity;sid:84470159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607058/; classtype:trojan-activity;sid:84470158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607057/; classtype:trojan-activity;sid:84470157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.27.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607056/; classtype:trojan-activity;sid:84470156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607055/; classtype:trojan-activity;sid:84470155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.27.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607054/; classtype:trojan-activity;sid:84470154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.229.22"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607053/; classtype:trojan-activity;sid:84470153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607052/; classtype:trojan-activity;sid:84470152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.74.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607050/; classtype:trojan-activity;sid:84470150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.54.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607047/; classtype:trojan-activity;sid:84470147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.74.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607046/; classtype:trojan-activity;sid:84470146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607042/; classtype:trojan-activity;sid:84470142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.84.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607040/; classtype:trojan-activity;sid:84470140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.226.111"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607038/; classtype:trojan-activity;sid:84470138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607037/; classtype:trojan-activity;sid:84470137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.208.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607036/; classtype:trojan-activity;sid:84470136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607033/; classtype:trojan-activity;sid:84470133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.198.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607032/; classtype:trojan-activity;sid:84470132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.0.179"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607031/; classtype:trojan-activity;sid:84470131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.56.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607030/; classtype:trojan-activity;sid:84470130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.198.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607028/; classtype:trojan-activity;sid:84470128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.23.233"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607026/; classtype:trojan-activity;sid:84470126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.56.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607021/; classtype:trojan-activity;sid:84470121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.160.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607018/; classtype:trojan-activity;sid:84470118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.230.116"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607017/; classtype:trojan-activity;sid:84470117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.160.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607016/; classtype:trojan-activity;sid:84470116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.195.237"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607015/; classtype:trojan-activity;sid:84470115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.177.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607013/; classtype:trojan-activity;sid:84470113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.37.94"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607012/; classtype:trojan-activity;sid:84470112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.195.237"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607011/; classtype:trojan-activity;sid:84470111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.126.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607010/; classtype:trojan-activity;sid:84470110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.177.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607009/; classtype:trojan-activity;sid:84470109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.165.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607008/; classtype:trojan-activity;sid:84470108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.36.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607007/; classtype:trojan-activity;sid:84470107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.37.94"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607006/; classtype:trojan-activity;sid:84470106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.179.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607005/; classtype:trojan-activity;sid:84470105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.126.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607004/; classtype:trojan-activity;sid:84470104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607003/; classtype:trojan-activity;sid:84470103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.171.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607001/; classtype:trojan-activity;sid:84470101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.216.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607002/; classtype:trojan-activity;sid:84470102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.87.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3607000/; classtype:trojan-activity;sid:84470100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.216.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606999/; classtype:trojan-activity;sid:84470099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.171.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606998/; classtype:trojan-activity;sid:84470098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.87.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606996/; classtype:trojan-activity;sid:84470096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.46.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606997/; classtype:trojan-activity;sid:84470097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.46.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606995/; classtype:trojan-activity;sid:84470095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.179.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606994/; classtype:trojan-activity;sid:84470094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.21.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606993/; classtype:trojan-activity;sid:84470093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.21.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606992/; classtype:trojan-activity;sid:84470092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.77.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606991/; classtype:trojan-activity;sid:84470091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606990/; classtype:trojan-activity;sid:84470090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.77.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606989/; classtype:trojan-activity;sid:84470089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606988/; classtype:trojan-activity;sid:84470088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.165.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606987/; classtype:trojan-activity;sid:84470087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.63.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606985/; classtype:trojan-activity;sid:84470085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.101.97"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606986/; classtype:trojan-activity;sid:84470086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.61.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606983/; classtype:trojan-activity;sid:84470083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.248.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606984/; classtype:trojan-activity;sid:84470084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606982/; classtype:trojan-activity;sid:84470082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dg5.js"; depth:8; endswith; nocase; http.host; content:"ichmidt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606981/; classtype:trojan-activity;sid:84470081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js.php"; depth:7; endswith; nocase; http.host; content:"ichmidt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606980/; classtype:trojan-activity;sid:84470080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.14.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606979/; classtype:trojan-activity;sid:84470079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.54.230.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606978/; classtype:trojan-activity;sid:84470078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.122.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606977/; classtype:trojan-activity;sid:84470077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.23.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606976/; classtype:trojan-activity;sid:84470076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.54.230.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606975/; classtype:trojan-activity;sid:84470075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606974/; classtype:trojan-activity;sid:84470074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.35.52"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606973/; classtype:trojan-activity;sid:84470073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.190.187.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606972/; classtype:trojan-activity;sid:84470072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.122.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606971/; classtype:trojan-activity;sid:84470071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.190.187.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606970/; classtype:trojan-activity;sid:84470070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.112.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606969/; classtype:trojan-activity;sid:84470069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.96.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606968/; classtype:trojan-activity;sid:84470068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.112.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606967/; classtype:trojan-activity;sid:84470067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.39"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606966/; classtype:trojan-activity;sid:84470066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606965/; classtype:trojan-activity;sid:84470065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606964/; classtype:trojan-activity;sid:84470064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606962/; classtype:trojan-activity;sid:84470062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606963/; classtype:trojan-activity;sid:84470063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8017652646/jzkuzy2.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606961/; classtype:trojan-activity;sid:84470061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6331503294/wiiwrjj.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606959/; classtype:trojan-activity;sid:84470059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7610129705/jh8ta1w.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606960/; classtype:trojan-activity;sid:84470060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/router.zyxel.sh"; depth:16; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606958/; classtype:trojan-activity;sid:84470058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/router.zyxel.sh"; depth:16; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606956/; classtype:trojan-activity;sid:84470056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86-debug"; depth:19; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606957/; classtype:trojan-activity;sid:84470057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.49.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606955/; classtype:trojan-activity;sid:84470055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.49.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606954/; classtype:trojan-activity;sid:84470054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606953/; classtype:trojan-activity;sid:84470053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.89.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606952/; classtype:trojan-activity;sid:84470052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606951/; classtype:trojan-activity;sid:84470051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.79.85.69"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606950/; classtype:trojan-activity;sid:84470050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"heroicsstipend.top"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606949/; classtype:trojan-activity;sid:84470049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.96.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606948/; classtype:trojan-activity;sid:84470048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.248.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606947/; classtype:trojan-activity;sid:84470047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.206.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606946/; classtype:trojan-activity;sid:84470046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.171.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606945/; classtype:trojan-activity;sid:84470045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.226.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606944/; classtype:trojan-activity;sid:84470044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.189.70"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606943/; classtype:trojan-activity;sid:84470043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7127454373/s061akj.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606942/; classtype:trojan-activity;sid:84470042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.80.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606941/; classtype:trojan-activity;sid:84470041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606928/; classtype:trojan-activity;sid:84470028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606929/; classtype:trojan-activity;sid:84470029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606930/; classtype:trojan-activity;sid:84470030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606931/; classtype:trojan-activity;sid:84470031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606932/; classtype:trojan-activity;sid:84470032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606933/; classtype:trojan-activity;sid:84470033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606934/; classtype:trojan-activity;sid:84470034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606935/; classtype:trojan-activity;sid:84470035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606936/; classtype:trojan-activity;sid:84470036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606937/; classtype:trojan-activity;sid:84470037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606938/; classtype:trojan-activity;sid:84470038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606939/; classtype:trojan-activity;sid:84470039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606940/; classtype:trojan-activity;sid:84470040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606922/; classtype:trojan-activity;sid:84470022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606923/; classtype:trojan-activity;sid:84470023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606924/; classtype:trojan-activity;sid:84470024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606925/; classtype:trojan-activity;sid:84470025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606926/; classtype:trojan-activity;sid:84470026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606927/; classtype:trojan-activity;sid:84470027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606917/; classtype:trojan-activity;sid:84470017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606918/; classtype:trojan-activity;sid:84470018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606919/; classtype:trojan-activity;sid:84470019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606920/; classtype:trojan-activity;sid:84470020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606921/; classtype:trojan-activity;sid:84470021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606916/; classtype:trojan-activity;sid:84470016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6331503294/0qarqta.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606915/; classtype:trojan-activity;sid:84470015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8042875554/l7raqxk.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606914/; classtype:trojan-activity;sid:84470014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mk2k20ajw7kairt1mg88vt1at9vwu5azn9akyys2qbnbnxv3ph/yer2kp0jebhsddvcs9cwnhbkugdxcem9kqxlwfadhgmkyw7fzq.exe"; depth:106; endswith; nocase; http.host; content:"66.63.187.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606913/; classtype:trojan-activity;sid:84470013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mk2k20ajw7kairt1mg88vt1at9vwu5azn9akyys2qbnbnxv3ph/mr5jffcvzvzar7ivtoqbfoizsmpezngqoxaypg38ox6k48cqpt.exe"; depth:106; endswith; nocase; http.host; content:"66.63.187.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606912/; classtype:trojan-activity;sid:84470012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am.exe"; depth:7; endswith; nocase; http.host; content:"cnr-software.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606910/; classtype:trojan-activity;sid:84470010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd12.exe"; depth:9; endswith; nocase; http.host; content:"cnr-software.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606911/; classtype:trojan-activity;sid:84470011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606908/; classtype:trojan-activity;sid:84470008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606909/; classtype:trojan-activity;sid:84470009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606907/; classtype:trojan-activity;sid:84470007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"visualwikicloud.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606904/; classtype:trojan-activity;sid:84470004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"31.97.24.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606905/; classtype:trojan-activity;sid:84470005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"srv841721.hstgr.cloud"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606906/; classtype:trojan-activity;sid:84470006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606903/; classtype:trojan-activity;sid:84470003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.226.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606902/; classtype:trojan-activity;sid:84470002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.171.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606901/; classtype:trojan-activity;sid:84470001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.0.179"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606900/; classtype:trojan-activity;sid:84470000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.66.237"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606899/; classtype:trojan-activity;sid:84469999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.80.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606898/; classtype:trojan-activity;sid:84469998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606897/; classtype:trojan-activity;sid:84469997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.184.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606896/; classtype:trojan-activity;sid:84469996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.54.95.49"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606895/; classtype:trojan-activity;sid:84469995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.39.154"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606894/; classtype:trojan-activity;sid:84469994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.135.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606893/; classtype:trojan-activity;sid:84469993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.76.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606892/; classtype:trojan-activity;sid:84469992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.184.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606891/; classtype:trojan-activity;sid:84469991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.135.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606890/; classtype:trojan-activity;sid:84469990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.106.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606889/; classtype:trojan-activity;sid:84469989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.34.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606888/; classtype:trojan-activity;sid:84469988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.97.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606887/; classtype:trojan-activity;sid:84469987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.189.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606886/; classtype:trojan-activity;sid:84469986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.76.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606885/; classtype:trojan-activity;sid:84469985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.71.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606884/; classtype:trojan-activity;sid:84469984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606883/; classtype:trojan-activity;sid:84469983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606880/; classtype:trojan-activity;sid:84469980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606881/; classtype:trojan-activity;sid:84469981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606882/; classtype:trojan-activity;sid:84469982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606868/; classtype:trojan-activity;sid:84469968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606869/; classtype:trojan-activity;sid:84469969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606870/; classtype:trojan-activity;sid:84469970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606871/; classtype:trojan-activity;sid:84469971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606872/; classtype:trojan-activity;sid:84469972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606873/; classtype:trojan-activity;sid:84469973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606874/; classtype:trojan-activity;sid:84469974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606875/; classtype:trojan-activity;sid:84469975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606876/; classtype:trojan-activity;sid:84469976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606877/; classtype:trojan-activity;sid:84469977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606878/; classtype:trojan-activity;sid:84469978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"5.181.159.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606879/; classtype:trojan-activity;sid:84469979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.8.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606852/; classtype:trojan-activity;sid:84469952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.34.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606851/; classtype:trojan-activity;sid:84469951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/mips"; depth:7; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606850/; classtype:trojan-activity;sid:84469950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/powerpc"; depth:10; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606849/; classtype:trojan-activity;sid:84469949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.137.120"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606847/; classtype:trojan-activity;sid:84469947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.97.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606848/; classtype:trojan-activity;sid:84469948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/i686"; depth:7; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606844/; classtype:trojan-activity;sid:84469944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/csky"; depth:7; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606845/; classtype:trojan-activity;sid:84469945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/mipsel"; depth:9; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606846/; classtype:trojan-activity;sid:84469946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshdarm"; depth:8; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606843/; classtype:trojan-activity;sid:84469943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xd"; depth:3; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606842/; classtype:trojan-activity;sid:84469942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606838/; classtype:trojan-activity;sid:84469938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606839/; classtype:trojan-activity;sid:84469939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd64"; depth:7; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606840/; classtype:trojan-activity;sid:84469940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigga5"; depth:7; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606841/; classtype:trojan-activity;sid:84469941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigga.sh"; depth:9; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606834/; classtype:trojan-activity;sid:84469934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niggamipsel"; depth:12; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606835/; classtype:trojan-activity;sid:84469935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606836/; classtype:trojan-activity;sid:84469936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig"; depth:6; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606837/; classtype:trojan-activity;sid:84469937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/min"; depth:4; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606833/; classtype:trojan-activity;sid:84469933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmao"; depth:5; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606832/; classtype:trojan-activity;sid:84469932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.71.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606831/; classtype:trojan-activity;sid:84469931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.199.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606830/; classtype:trojan-activity;sid:84469930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606829/; classtype:trojan-activity;sid:84469929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.175.125"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606828/; classtype:trojan-activity;sid:84469928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.146.158.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606825/; classtype:trojan-activity;sid:84469925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.159.150.233"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606826/; classtype:trojan-activity;sid:84469926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.178.57.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606827/; classtype:trojan-activity;sid:84469927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.138.22.149"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606824/; classtype:trojan-activity;sid:84469924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"98.159.110.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606820/; classtype:trojan-activity;sid:84469920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"84.246.226.107"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606821/; classtype:trojan-activity;sid:84469921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.105.35.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606822/; classtype:trojan-activity;sid:84469922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.143.2.128"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606823/; classtype:trojan-activity;sid:84469923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.169.228.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606817/; classtype:trojan-activity;sid:84469917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.214.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606818/; classtype:trojan-activity;sid:84469918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.58.48.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606819/; classtype:trojan-activity;sid:84469919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.19.125.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606814/; classtype:trojan-activity;sid:84469914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.183.77.191"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606815/; classtype:trojan-activity;sid:84469915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.233.64.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606816/; classtype:trojan-activity;sid:84469916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.28.41.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606813/; classtype:trojan-activity;sid:84469913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.109.196.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606811/; classtype:trojan-activity;sid:84469911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.71.69.91"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606812/; classtype:trojan-activity;sid:84469912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.209.204.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606809/; classtype:trojan-activity;sid:84469909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.73.168.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606810/; classtype:trojan-activity;sid:84469910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"94.44.159.151"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606805/; classtype:trojan-activity;sid:84469905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.88.41.58"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606806/; classtype:trojan-activity;sid:84469906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"58.187.175.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606807/; classtype:trojan-activity;sid:84469907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"221.113.193.191"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606808/; classtype:trojan-activity;sid:84469908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.129.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606804/; classtype:trojan-activity;sid:84469904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.182.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606803/; classtype:trojan-activity;sid:84469903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.174.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606801/; classtype:trojan-activity;sid:84469901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.165.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606802/; classtype:trojan-activity;sid:84469902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.10.106"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606800/; classtype:trojan-activity;sid:84469900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.245.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606799/; classtype:trojan-activity;sid:84469899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.200.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606797/; classtype:trojan-activity;sid:84469897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.143.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606798/; classtype:trojan-activity;sid:84469898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.208.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606796/; classtype:trojan-activity;sid:84469896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.23.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606795/; classtype:trojan-activity;sid:84469895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.188.91.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606794/; classtype:trojan-activity;sid:84469894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.215.167"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606792/; classtype:trojan-activity;sid:84469892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.91.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606793/; classtype:trojan-activity;sid:84469893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606790/; classtype:trojan-activity;sid:84469890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.48.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606791/; classtype:trojan-activity;sid:84469891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.126.29"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606789/; classtype:trojan-activity;sid:84469889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606787/; classtype:trojan-activity;sid:84469887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.48.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606788/; classtype:trojan-activity;sid:84469888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.189.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606786/; classtype:trojan-activity;sid:84469886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.200.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606785/; classtype:trojan-activity;sid:84469885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.120.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606784/; classtype:trojan-activity;sid:84469884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.107.22.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606783/; classtype:trojan-activity;sid:84469883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.47.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606782/; classtype:trojan-activity;sid:84469882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5298241443/qig1vlt.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606781/; classtype:trojan-activity;sid:84469881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.81.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606780/; classtype:trojan-activity;sid:84469880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.43.150"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606779/; classtype:trojan-activity;sid:84469879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.189.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606778/; classtype:trojan-activity;sid:84469878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.45.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606777/; classtype:trojan-activity;sid:84469877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.120.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606776/; classtype:trojan-activity;sid:84469876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.22.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606775/; classtype:trojan-activity;sid:84469875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7783814620/3q5inmh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606774/; classtype:trojan-activity;sid:84469874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7125646839/i0q3uva.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606773/; classtype:trojan-activity;sid:84469873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.7.143"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606772/; classtype:trojan-activity;sid:84469872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606771/; classtype:trojan-activity;sid:84469871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6414646686/mbnmash.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606769/; classtype:trojan-activity;sid:84469869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niggax86"; depth:9; endswith; nocase; http.host; content:"109.172.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606768/; classtype:trojan-activity;sid:84469868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5638395652/yhxbbcu.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606765/; classtype:trojan-activity;sid:84469865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/blob/main/res.bat"; depth:28; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606764/; classtype:trojan-activity;sid:84469864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.164.143"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606763/; classtype:trojan-activity;sid:84469863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.90.207"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606762/; classtype:trojan-activity;sid:84469862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.7.143"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606761/; classtype:trojan-activity;sid:84469861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.245.214"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606760/; classtype:trojan-activity;sid:84469860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.81.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606759/; classtype:trojan-activity;sid:84469859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.34.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606758/; classtype:trojan-activity;sid:84469858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.34.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606757/; classtype:trojan-activity;sid:84469857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.241.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606756/; classtype:trojan-activity;sid:84469856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.164.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606755/; classtype:trojan-activity;sid:84469855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.113.103"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606754/; classtype:trojan-activity;sid:84469854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.90.210"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606753/; classtype:trojan-activity;sid:84469853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.244.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606752/; classtype:trojan-activity;sid:84469852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.26.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606751/; classtype:trojan-activity;sid:84469851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.14.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606750/; classtype:trojan-activity;sid:84469850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.168"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606749/; classtype:trojan-activity;sid:84469849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.244.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606748/; classtype:trojan-activity;sid:84469848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.222.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606747/; classtype:trojan-activity;sid:84469847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.65.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606746/; classtype:trojan-activity;sid:84469846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.26.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606745/; classtype:trojan-activity;sid:84469845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.124.45.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606744/; classtype:trojan-activity;sid:84469844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.168"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606743/; classtype:trojan-activity;sid:84469843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.24.175"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606742/; classtype:trojan-activity;sid:84469842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.218.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606741/; classtype:trojan-activity;sid:84469841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.135.74"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606740/; classtype:trojan-activity;sid:84469840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.206.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606739/; classtype:trojan-activity;sid:84469839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.153.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606738/; classtype:trojan-activity;sid:84469838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.40.65.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606735/; classtype:trojan-activity;sid:84469835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.32.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606736/; classtype:trojan-activity;sid:84469836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606737/; classtype:trojan-activity;sid:84469837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.136.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606734/; classtype:trojan-activity;sid:84469834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.88.165.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606733/; classtype:trojan-activity;sid:84469833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.86.137"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606732/; classtype:trojan-activity;sid:84469832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.219.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606731/; classtype:trojan-activity;sid:84469831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606730/; classtype:trojan-activity;sid:84469830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.88.165.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606729/; classtype:trojan-activity;sid:84469829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.86.137"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606728/; classtype:trojan-activity;sid:84469828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.40.65.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606727/; classtype:trojan-activity;sid:84469827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spvbqmbkyr_06/03.txt/"; depth:22; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606726/; classtype:trojan-activity;sid:84469826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606725/; classtype:trojan-activity;sid:84469825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uardbenict_05"; depth:14; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606724/; classtype:trojan-activity;sid:84469824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jibxkfgnby_3/03.txt"; depth:20; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606723/; classtype:trojan-activity;sid:84469823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zocwpnhotb_01/03.txt(2n"; depth:24; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606721/; classtype:trojan-activity;sid:84469821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wvtcifeygu_07/p"; depth:16; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606722/; classtype:trojan-activity;sid:84469822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get5/update"; depth:12; endswith; nocase; http.host; content:"elemasyon.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606718/; classtype:trojan-activity;sid:84469818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.37"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606719/; classtype:trojan-activity;sid:84469819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meoxhqxolc_08/03.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606720/; classtype:trojan-activity;sid:84469820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wvtcifeygu_07/"; depth:15; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606716/; classtype:trojan-activity;sid:84469816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get30/update"; depth:13; endswith; nocase; http.host; content:"osskanger.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606717/; classtype:trojan-activity;sid:84469817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jibxkfgnby_3/"; depth:14; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606715/; classtype:trojan-activity;sid:84469815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spvbqmbkyr_06/"; depth:15; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606710/; classtype:trojan-activity;sid:84469810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uardbenict_05/"; depth:15; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606711/; classtype:trojan-activity;sid:84469811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nqdbs/"; depth:7; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606712/; classtype:trojan-activity;sid:84469812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zocwpnhotb_01/"; depth:15; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606713/; classtype:trojan-activity;sid:84469813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spvbqmbkyr_06/01.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606714/; classtype:trojan-activity;sid:84469814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6331503294/ql54rvf.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606705/; classtype:trojan-activity;sid:84469805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zocwpnhotb_01"; depth:14; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606706/; classtype:trojan-activity;sid:84469806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vthqzccrew_04/"; depth:15; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606707/; classtype:trojan-activity;sid:84469807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vthqzccrew_04/03.txtx"; depth:22; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606708/; classtype:trojan-activity;sid:84469808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uardbenict_05/p/"; depth:17; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606709/; classtype:trojan-activity;sid:84469809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606704/; classtype:trojan-activity;sid:84469804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.99.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606703/; classtype:trojan-activity;sid:84469803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.221.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606702/; classtype:trojan-activity;sid:84469802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606701/; classtype:trojan-activity;sid:84469801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606700/; classtype:trojan-activity;sid:84469800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.37"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606699/; classtype:trojan-activity;sid:84469799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.10.106"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606698/; classtype:trojan-activity;sid:84469798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.63.93"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606697/; classtype:trojan-activity;sid:84469797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.35.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606696/; classtype:trojan-activity;sid:84469796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.36.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606695/; classtype:trojan-activity;sid:84469795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.209.77.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606694/; classtype:trojan-activity;sid:84469794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.94.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606693/; classtype:trojan-activity;sid:84469793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.35.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606692/; classtype:trojan-activity;sid:84469792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.143.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606691/; classtype:trojan-activity;sid:84469791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.209.77.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606690/; classtype:trojan-activity;sid:84469790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.221.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606689/; classtype:trojan-activity;sid:84469789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.109.159.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606687/; classtype:trojan-activity;sid:84469787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606688/; classtype:trojan-activity;sid:84469788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajax/pixi.min.js"; depth:17; endswith; nocase; http.host; content:"revise-akmo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606686/; classtype:trojan-activity;sid:84469786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.82.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606685/; classtype:trojan-activity;sid:84469785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.52.215"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606684/; classtype:trojan-activity;sid:84469784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwwap/sunnyday"; depth:15; endswith; nocase; http.host; content:"falconmx.top"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606683/; classtype:trojan-activity;sid:84469783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.236.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606682/; classtype:trojan-activity;sid:84469782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/kin54042"; depth:11; endswith; nocase; http.host; content:"185.93.89.62"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606681/; classtype:trojan-activity;sid:84469781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atu.lim"; depth:8; endswith; nocase; http.host; content:"electri.billregulator.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.124.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606679/; classtype:trojan-activity;sid:84469779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.113.99"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606678/; classtype:trojan-activity;sid:84469778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.83.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606677/; classtype:trojan-activity;sid:84469777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.180.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606676/; classtype:trojan-activity;sid:84469776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.223.130.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606675/; classtype:trojan-activity;sid:84469775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.113.99"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606674/; classtype:trojan-activity;sid:84469774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan.sh"; depth:8; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606673/; classtype:trojan-activity;sid:84469773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.156.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606672/; classtype:trojan-activity;sid:84469772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606671/; classtype:trojan-activity;sid:84469771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606670/; classtype:trojan-activity;sid:84469770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan.sh"; depth:8; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606669/; classtype:trojan-activity;sid:84469769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g3wpjzlimwkz0xbjhfm4p64zfdsnhrqji8"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606668/; classtype:trojan-activity;sid:84469768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nmvymadfv0bzn4yyw4k00alwa8iccwrfnw"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606667/; classtype:trojan-activity;sid:84469767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/l1pn4wxapdx2yv5s5sixzkyglq4y30nnf3"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606665/; classtype:trojan-activity;sid:84469765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hqxikbltktw1ntgpbooznunq3udab6isup"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606666/; classtype:trojan-activity;sid:84469766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mspto2w0qxyseexqwnfefrvk5zamnoltob"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606661/; classtype:trojan-activity;sid:84469761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yuijhiojc21w3swmxtqvh6herj8myisn5v"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606662/; classtype:trojan-activity;sid:84469762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/e0rn2p6mioilq0id22wdtjlgd0wqng4omk"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606663/; classtype:trojan-activity;sid:84469763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/imprb9fnwz2vcdgchtobpldzviclntx5on"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606664/; classtype:trojan-activity;sid:84469764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1g7dp1y3ftebxuufyjhwuimrnbc2n48vyd"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606657/; classtype:trojan-activity;sid:84469757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/7xsctfdp2e2msqcpxotzm8snnpejtdm5hb"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606658/; classtype:trojan-activity;sid:84469758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bpz54sttmwmcgnlmvdsrxf7plugme6nn6m"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606659/; classtype:trojan-activity;sid:84469759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g7ainjazfajjzxapk9cfkiylpfco3gtx1i"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606660/; classtype:trojan-activity;sid:84469760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ge1msjk9jyfdxjmtygm4esflb4btwtgz5u"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606656/; classtype:trojan-activity;sid:84469756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/p4vapvmxfryrtvayudli1dd4noesxvqv2u"; depth:40; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606655/; classtype:trojan-activity;sid:84469755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ge1msjk9jyfdxjmtygm4esflb4btwtgz5u"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606654/; classtype:trojan-activity;sid:84469754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lespim"; depth:12; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606650/; classtype:trojan-activity;sid:84469750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/7xsctfdp2e2msqcpxotzm8snnpejtdm5hb"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606651/; classtype:trojan-activity;sid:84469751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l7vmra"; depth:7; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606652/; classtype:trojan-activity;sid:84469752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g3wpjzlimwkz0xbjhfm4p64zfdsnhrqji8"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606653/; classtype:trojan-activity;sid:84469753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nmvymadfv0bzn4yyw4k00alwa8iccwrfnw"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606647/; classtype:trojan-activity;sid:84469747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k86m"; depth:10; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606648/; classtype:trojan-activity;sid:84469748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g7ainjazfajjzxapk9cfkiylpfco3gtx1i"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606649/; classtype:trojan-activity;sid:84469749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/p4vapvmxfryrtvayudli1dd4noesxvqv2u"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606646/; classtype:trojan-activity;sid:84469746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/686i"; depth:10; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606643/; classtype:trojan-activity;sid:84469743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mspto2w0qxyseexqwnfefrvk5zamnoltob"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606644/; classtype:trojan-activity;sid:84469744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yuijhiojc21w3swmxtqvh6herj8myisn5v"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606645/; classtype:trojan-activity;sid:84469745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1g7dp1y3ftebxuufyjhwuimrnbc2n48vyd"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606641/; classtype:trojan-activity;sid:84469741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/l1pn4wxapdx2yv5s5sixzkyglq4y30nnf3"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606642/; classtype:trojan-activity;sid:84469742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/imprb9fnwz2vcdgchtobpldzviclntx5on"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606638/; classtype:trojan-activity;sid:84469738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/e0rn2p6mioilq0id22wdtjlgd0wqng4omk"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606639/; classtype:trojan-activity;sid:84469739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bpz54sttmwmcgnlmvdsrxf7plugme6nn6m"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606640/; classtype:trojan-activity;sid:84469740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hqxikbltktw1ntgpbooznunq3udab6isup"; depth:40; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606636/; classtype:trojan-activity;sid:84469736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spim"; depth:5; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606637/; classtype:trojan-activity;sid:84469737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spim"; depth:10; endswith; nocase; http.host; content:"starlight.fans"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606635/; classtype:trojan-activity;sid:84469735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606634/; classtype:trojan-activity;sid:84469734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.120.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606633/; classtype:trojan-activity;sid:84469733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.180.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606632/; classtype:trojan-activity;sid:84469732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.147.64.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606631/; classtype:trojan-activity;sid:84469731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606630/; classtype:trojan-activity;sid:84469730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.61.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606629/; classtype:trojan-activity;sid:84469729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.120.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606628/; classtype:trojan-activity;sid:84469728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spim"; depth:5; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606627/; classtype:trojan-activity;sid:84469727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.138.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606626/; classtype:trojan-activity;sid:84469726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606625/; classtype:trojan-activity;sid:84469725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.196.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606624/; classtype:trojan-activity;sid:84469724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.228.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606623/; classtype:trojan-activity;sid:84469723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.35.52"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606622/; classtype:trojan-activity;sid:84469722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.20"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606621/; classtype:trojan-activity;sid:84469721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.20"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606620/; classtype:trojan-activity;sid:84469720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.223.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606619/; classtype:trojan-activity;sid:84469719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.228.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606618/; classtype:trojan-activity;sid:84469718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.198.55.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606617/; classtype:trojan-activity;sid:84469717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606616/; classtype:trojan-activity;sid:84469716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.196.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606615/; classtype:trojan-activity;sid:84469715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.138.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606614/; classtype:trojan-activity;sid:84469714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606613/; classtype:trojan-activity;sid:84469713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.26.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606612/; classtype:trojan-activity;sid:84469712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.223.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606611/; classtype:trojan-activity;sid:84469711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.154.186"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606610/; classtype:trojan-activity;sid:84469710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.63.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606609/; classtype:trojan-activity;sid:84469709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.80.220.243"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606608/; classtype:trojan-activity;sid:84469708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.91.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606607/; classtype:trojan-activity;sid:84469707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.138.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606606/; classtype:trojan-activity;sid:84469706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.44.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606605/; classtype:trojan-activity;sid:84469705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606604/; classtype:trojan-activity;sid:84469704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.227.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606603/; classtype:trojan-activity;sid:84469703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.166.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606602/; classtype:trojan-activity;sid:84469702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.24.70"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606601/; classtype:trojan-activity;sid:84469701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.127.147"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606600/; classtype:trojan-activity;sid:84469700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.26.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606599/; classtype:trojan-activity;sid:84469699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.26.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606598/; classtype:trojan-activity;sid:84469698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.80.220.243"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606597/; classtype:trojan-activity;sid:84469697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.24.70"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606596/; classtype:trojan-activity;sid:84469696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.166.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606595/; classtype:trojan-activity;sid:84469695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/09cjp5ya4tywyyr.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606594/; classtype:trojan-activity;sid:84469694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606593/; classtype:trojan-activity;sid:84469693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scriptmon.vbs"; depth:14; endswith; nocase; http.host; content:"107.175.243.143"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606592/; classtype:trojan-activity;sid:84469692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuhgxh078wtth5l.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606591/; classtype:trojan-activity;sid:84469691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esdhkcbwgnuemau.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606590/; classtype:trojan-activity;sid:84469690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wecumtoday.vbs"; depth:15; endswith; nocase; http.host; content:"107.175.243.143"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606589/; classtype:trojan-activity;sid:84469689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snoopdig.mp4"; depth:13; endswith; nocase; http.host; content:"arroop.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606588/; classtype:trojan-activity;sid:84469688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lazagne.bat"; depth:12; endswith; nocase; http.host; content:"83.244.163.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606587/; classtype:trojan-activity;sid:84469687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.63.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606586/; classtype:trojan-activity;sid:84469686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunscreen.pfm"; depth:14; endswith; nocase; http.host; content:"sepmetals.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606585/; classtype:trojan-activity;sid:84469685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/dfaca5c3-f89a-4550-8eed-3e9bd5716e4d/dllskys.txt"; depth:65; endswith; nocase; http.host; content:"store-na-phx-1.gofile.io"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606584/; classtype:trojan-activity;sid:84469684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/gho68fnvg65xz28suje5a/server-dc-vps.txt|3f|rlkey=hf9fvdqt62lmuu6jv4lizr9s4|7c|26|7c|st=blqwd2qz|7c|26|7c|dl=1"; depth:117; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606583/; classtype:trojan-activity;sid:84469683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/813888e8-32bf-49fc-8f77-567fa78276ed/peskyfall.txt"; depth:67; endswith; nocase; http.host; content:"store9.gofile.io"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606582/; classtype:trojan-activity;sid:84469682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/4fzpfkksvg"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606581/; classtype:trojan-activity;sid:84469681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includesx/js/dist/numx.js"; depth:29; endswith; nocase; http.host; content:"ccihunedoara.ro"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606580/; classtype:trojan-activity;sid:84469680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includesx/js/dist/hooks.mins.js"; depth:35; endswith; nocase; http.host; content:"ccihunedoara.ro"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606579/; classtype:trojan-activity;sid:84469679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/yxlwbvnxjl"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606578/; classtype:trojan-activity;sid:84469678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/9e3363f017c60726bf610a2a472040144t."; depth:41; endswith; nocase; http.host; content:"file.uhsea.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oe48d6.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606576/; classtype:trojan-activity;sid:84469676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npm333.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606575/; classtype:trojan-activity;sid:84469675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2snbws.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606574/; classtype:trojan-activity;sid:84469674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.91.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606573/; classtype:trojan-activity;sid:84469673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.90.164"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606572/; classtype:trojan-activity;sid:84469672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.81.245"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606571/; classtype:trojan-activity;sid:84469671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.151.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606570/; classtype:trojan-activity;sid:84469670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwvzv.pdf"; depth:10; endswith; nocase; http.host; content:"196.251.92.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606569/; classtype:trojan-activity;sid:84469669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlfmth.mp4"; depth:11; endswith; nocase; http.host; content:"196.251.92.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606568/; classtype:trojan-activity;sid:84469668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrvzmiiron.mp3"; depth:15; endswith; nocase; http.host; content:"196.251.92.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606566/; classtype:trojan-activity;sid:84469666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkysatoqxi.mp3"; depth:15; endswith; nocase; http.host; content:"196.251.92.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606567/; classtype:trojan-activity;sid:84469667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.37.81.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606565/; classtype:trojan-activity;sid:84469665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/lee.zip"; depth:11; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606564/; classtype:trojan-activity;sid:84469664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5/xzcafwerfs.zip"; depth:18; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606563/; classtype:trojan-activity;sid:84469663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5/was.zip"; depth:11; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606562/; classtype:trojan-activity;sid:84469662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/lewill.txt"; depth:14; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606551/; classtype:trojan-activity;sid:84469651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fod4/stein.txt"; depth:15; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606552/; classtype:trojan-activity;sid:84469652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/stein.exe"; depth:13; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606553/; classtype:trojan-activity;sid:84469653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/vxvxh6.zip"; depth:14; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606554/; classtype:trojan-activity;sid:84469654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fod4/slyy.txt"; depth:14; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606555/; classtype:trojan-activity;sid:84469655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/jayyy.zip"; depth:13; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606556/; classtype:trojan-activity;sid:84469656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fod4/blaqq.txt"; depth:15; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606557/; classtype:trojan-activity;sid:84469657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/stein.txt"; depth:13; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606558/; classtype:trojan-activity;sid:84469658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/jaysmtp.txt"; depth:15; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606559/; classtype:trojan-activity;sid:84469659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/host2/newrem.exe"; depth:17; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606560/; classtype:trojan-activity;sid:84469660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff/steinnnn.zip"; depth:16; endswith; nocase; http.host; content:"198.55.98.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606561/; classtype:trojan-activity;sid:84469661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.spc"; depth:9; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606550/; classtype:trojan-activity;sid:84469650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606540/; classtype:trojan-activity;sid:84469640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606541/; classtype:trojan-activity;sid:84469641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.m58k"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606542/; classtype:trojan-activity;sid:84469642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606543/; classtype:trojan-activity;sid:84469643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606544/; classtype:trojan-activity;sid:84469644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606545/; classtype:trojan-activity;sid:84469645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606546/; classtype:trojan-activity;sid:84469646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606547/; classtype:trojan-activity;sid:84469647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606548/; classtype:trojan-activity;sid:84469648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/armv7l"; depth:9; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606549/; classtype:trojan-activity;sid:84469649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/armv5l"; depth:9; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606539/; classtype:trojan-activity;sid:84469639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/armv4l"; depth:9; endswith; nocase; http.host; content:"158.51.126.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606538/; classtype:trojan-activity;sid:84469638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606537/; classtype:trojan-activity;sid:84469637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowsscreen.exe"; depth:18; endswith; nocase; http.host; content:"5.83.218.183"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606536/; classtype:trojan-activity;sid:84469636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svhost.exe"; depth:11; endswith; nocase; http.host; content:"5.83.218.183"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606535/; classtype:trojan-activity;sid:84469635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606534/; classtype:trojan-activity;sid:84469634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606533/; classtype:trojan-activity;sid:84469633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606529/; classtype:trojan-activity;sid:84469629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606530/; classtype:trojan-activity;sid:84469630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606531/; classtype:trojan-activity;sid:84469631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606532/; classtype:trojan-activity;sid:84469632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_spc"; depth:9; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606523/; classtype:trojan-activity;sid:84469623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606524/; classtype:trojan-activity;sid:84469624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606525/; classtype:trojan-activity;sid:84469625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606526/; classtype:trojan-activity;sid:84469626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606527/; classtype:trojan-activity;sid:84469627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"porten.top"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606528/; classtype:trojan-activity;sid:84469628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.81.245"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606522/; classtype:trojan-activity;sid:84469622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606520/; classtype:trojan-activity;sid:84469620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606521/; classtype:trojan-activity;sid:84469621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606519/; classtype:trojan-activity;sid:84469619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606518/; classtype:trojan-activity;sid:84469618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606516/; classtype:trojan-activity;sid:84469616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606517/; classtype:trojan-activity;sid:84469617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc"; depth:14; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606514/; classtype:trojan-activity;sid:84469614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606515/; classtype:trojan-activity;sid:84469615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.aarch64"; depth:14; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606511/; classtype:trojan-activity;sid:84469611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i686"; depth:11; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606512/; classtype:trojan-activity;sid:84469612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606513/; classtype:trojan-activity;sid:84469613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"app-monespaces-securpass-assurances.art"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606510/; classtype:trojan-activity;sid:84469610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lab2/ivhnx"; depth:11; endswith; nocase; http.host; content:"23.95.245.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606508/; classtype:trojan-activity;sid:84469608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lab2/eucbn"; depth:11; endswith; nocase; http.host; content:"23.95.245.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606509/; classtype:trojan-activity;sid:84469609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lab2/xpifs"; depth:11; endswith; nocase; http.host; content:"23.95.245.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606506/; classtype:trojan-activity;sid:84469606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lab2/0pjsa"; depth:11; endswith; nocase; http.host; content:"23.95.245.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606507/; classtype:trojan-activity;sid:84469607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6331503294/rsjtgw4.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606505/; classtype:trojan-activity;sid:84469605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606503/; classtype:trojan-activity;sid:84469603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.159.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606504/; classtype:trojan-activity;sid:84469604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606502/; classtype:trojan-activity;sid:84469602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606493/; classtype:trojan-activity;sid:84469593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606494/; classtype:trojan-activity;sid:84469594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606495/; classtype:trojan-activity;sid:84469595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606496/; classtype:trojan-activity;sid:84469596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606497/; classtype:trojan-activity;sid:84469597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606498/; classtype:trojan-activity;sid:84469598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606499/; classtype:trojan-activity;sid:84469599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606500/; classtype:trojan-activity;sid:84469600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"142.214.203.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606501/; classtype:trojan-activity;sid:84469601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606489/; classtype:trojan-activity;sid:84469589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606490/; classtype:trojan-activity;sid:84469590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606491/; classtype:trojan-activity;sid:84469591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606492/; classtype:trojan-activity;sid:84469592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606482/; classtype:trojan-activity;sid:84469582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i686"; depth:11; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606483/; classtype:trojan-activity;sid:84469583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606484/; classtype:trojan-activity;sid:84469584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606485/; classtype:trojan-activity;sid:84469585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606486/; classtype:trojan-activity;sid:84469586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.aarch64"; depth:14; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606487/; classtype:trojan-activity;sid:84469587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc"; depth:14; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606488/; classtype:trojan-activity;sid:84469588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606481/; classtype:trojan-activity;sid:84469581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606479/; classtype:trojan-activity;sid:84469579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i686"; depth:11; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606480/; classtype:trojan-activity;sid:84469580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.aarch64"; depth:14; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606473/; classtype:trojan-activity;sid:84469573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606474/; classtype:trojan-activity;sid:84469574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc"; depth:14; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606475/; classtype:trojan-activity;sid:84469575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606476/; classtype:trojan-activity;sid:84469576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606477/; classtype:trojan-activity;sid:84469577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606478/; classtype:trojan-activity;sid:84469578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606469/; classtype:trojan-activity;sid:84469569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606470/; classtype:trojan-activity;sid:84469570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606471/; classtype:trojan-activity;sid:84469571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606472/; classtype:trojan-activity;sid:84469572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.80.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606468/; classtype:trojan-activity;sid:84469568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.236.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606467/; classtype:trojan-activity;sid:84469567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.105.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606466/; classtype:trojan-activity;sid:84469566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606464/; classtype:trojan-activity;sid:84469564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606465/; classtype:trojan-activity;sid:84469565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606461/; classtype:trojan-activity;sid:84469561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606462/; classtype:trojan-activity;sid:84469562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606463/; classtype:trojan-activity;sid:84469563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.251.227"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606460/; classtype:trojan-activity;sid:84469560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/launcher.exe"; depth:20; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606459/; classtype:trojan-activity;sid:84469559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.x86"; depth:9; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606458/; classtype:trojan-activity;sid:84469558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/logonui.exe"; depth:19; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606457/; classtype:trojan-activity;sid:84469557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/autoruns.exe"; depth:20; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606456/; classtype:trojan-activity;sid:84469556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/anydeskbackdoor.ps1"; depth:27; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606454/; classtype:trojan-activity;sid:84469554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/launcher2han.exe"; depth:24; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606455/; classtype:trojan-activity;sid:84469555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/anyinstall.bat"; depth:22; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606453/; classtype:trojan-activity;sid:84469553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/addrescheck.php"; depth:23; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606451/; classtype:trojan-activity;sid:84469551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/checkminerupdate.php"; depth:28; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606452/; classtype:trojan-activity;sid:84469552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee2.exe"; depth:17; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606450/; classtype:trojan-activity;sid:84469550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee.exe"; depth:16; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606449/; classtype:trojan-activity;sid:84469549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mipsel"; depth:12; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606448/; classtype:trojan-activity;sid:84469548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606447/; classtype:trojan-activity;sid:84469547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quicksign.exe"; depth:14; endswith; nocase; http.host; content:"pub-4b640a8d4e46474498876111defbf24b.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606445/; classtype:trojan-activity;sid:84469545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/ak123ee.rar"; depth:19; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606446/; classtype:trojan-activity;sid:84469546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee.rar"; depth:16; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606444/; classtype:trojan-activity;sid:84469544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606442/; classtype:trojan-activity;sid:84469542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.sh4"; depth:9; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606443/; classtype:trojan-activity;sid:84469543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm4l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606441/; classtype:trojan-activity;sid:84469541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm6l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606437/; classtype:trojan-activity;sid:84469537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mips"; depth:10; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606438/; classtype:trojan-activity;sid:84469538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm7l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606439/; classtype:trojan-activity;sid:84469539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606440/; classtype:trojan-activity;sid:84469540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7125646839/xrnywpb.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606434/; classtype:trojan-activity;sid:84469534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipcam.tplink.sh"; depth:16; endswith; nocase; http.host; content:"196.251.69.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606435/; classtype:trojan-activity;sid:84469535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipcam.tplink.sh"; depth:16; endswith; nocase; http.host; content:"87.121.84.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606436/; classtype:trojan-activity;sid:84469536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/anydesk.exe"; depth:19; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606432/; classtype:trojan-activity;sid:84469532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.sparc"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606433/; classtype:trojan-activity;sid:84469533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606427/; classtype:trojan-activity;sid:84469527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm5l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606428/; classtype:trojan-activity;sid:84469528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606429/; classtype:trojan-activity;sid:84469529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606430/; classtype:trojan-activity;sid:84469530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.m68k"; depth:10; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606431/; classtype:trojan-activity;sid:84469531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606423/; classtype:trojan-activity;sid:84469523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606424/; classtype:trojan-activity;sid:84469524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606425/; classtype:trojan-activity;sid:84469525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee.ps1"; depth:16; endswith; nocase; http.host; content:"162.240.80.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606426/; classtype:trojan-activity;sid:84469526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606419/; classtype:trojan-activity;sid:84469519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606420/; classtype:trojan-activity;sid:84469520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606421/; classtype:trojan-activity;sid:84469521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606422/; classtype:trojan-activity;sid:84469522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606417/; classtype:trojan-activity;sid:84469517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606418/; classtype:trojan-activity;sid:84469518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn.sh"; depth:8; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606415/; classtype:trojan-activity;sid:84469515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6331503294/uuf5xhe.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606416/; classtype:trojan-activity;sid:84469516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug"; depth:6; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606414/; classtype:trojan-activity;sid:84469514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606412/; classtype:trojan-activity;sid:84469512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606413/; classtype:trojan-activity;sid:84469513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606411/; classtype:trojan-activity;sid:84469511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606407/; classtype:trojan-activity;sid:84469507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606408/; classtype:trojan-activity;sid:84469508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re.sh"; depth:6; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606409/; classtype:trojan-activity;sid:84469509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606410/; classtype:trojan-activity;sid:84469510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.arc"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606406/; classtype:trojan-activity;sid:84469506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606405/; classtype:trojan-activity;sid:84469505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606397/; classtype:trojan-activity;sid:84469497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606398/; classtype:trojan-activity;sid:84469498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606399/; classtype:trojan-activity;sid:84469499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606400/; classtype:trojan-activity;sid:84469500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606401/; classtype:trojan-activity;sid:84469501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606402/; classtype:trojan-activity;sid:84469502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606403/; classtype:trojan-activity;sid:84469503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606404/; classtype:trojan-activity;sid:84469504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.m68k"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606396/; classtype:trojan-activity;sid:84469496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.61.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606395/; classtype:trojan-activity;sid:84469495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.39.140"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606394/; classtype:trojan-activity;sid:84469494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606393/; classtype:trojan-activity;sid:84469493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mpsl"; depth:10; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606392/; classtype:trojan-activity;sid:84469492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606391/; classtype:trojan-activity;sid:84469491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.246.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606390/; classtype:trojan-activity;sid:84469490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606389/; classtype:trojan-activity;sid:84469489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606388/; classtype:trojan-activity;sid:84469488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606386/; classtype:trojan-activity;sid:84469486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606387/; classtype:trojan-activity;sid:84469487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606385/; classtype:trojan-activity;sid:84469485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606384/; classtype:trojan-activity;sid:84469484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606383/; classtype:trojan-activity;sid:84469483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606381/; classtype:trojan-activity;sid:84469481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606382/; classtype:trojan-activity;sid:84469482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606380/; classtype:trojan-activity;sid:84469480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606379/; classtype:trojan-activity;sid:84469479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"ntf.mohtash.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606378/; classtype:trojan-activity;sid:84469478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606377/; classtype:trojan-activity;sid:84469477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606376/; classtype:trojan-activity;sid:84469476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606375/; classtype:trojan-activity;sid:84469475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.182.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606374/; classtype:trojan-activity;sid:84469474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.76.216"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606373/; classtype:trojan-activity;sid:84469473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606372/; classtype:trojan-activity;sid:84469472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.194.0"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606370/; classtype:trojan-activity;sid:84469470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.188.91.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606371/; classtype:trojan-activity;sid:84469471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.3.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606367/; classtype:trojan-activity;sid:84469467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.103.91"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606368/; classtype:trojan-activity;sid:84469468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.91.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606369/; classtype:trojan-activity;sid:84469469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606365/; classtype:trojan-activity;sid:84469465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.3.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606366/; classtype:trojan-activity;sid:84469466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606363/; classtype:trojan-activity;sid:84469463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"163.5.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606364/; classtype:trojan-activity;sid:84469464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.189.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606362/; classtype:trojan-activity;sid:84469462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.200.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606361/; classtype:trojan-activity;sid:84469461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.162.211"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606360/; classtype:trojan-activity;sid:84469460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606359/; classtype:trojan-activity;sid:84469459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.140.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606358/; classtype:trojan-activity;sid:84469458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.77.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606357/; classtype:trojan-activity;sid:84469457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.110.115"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606356/; classtype:trojan-activity;sid:84469456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.143.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606355/; classtype:trojan-activity;sid:84469455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.25.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606354/; classtype:trojan-activity;sid:84469454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606353/; classtype:trojan-activity;sid:84469453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606350/; classtype:trojan-activity;sid:84469450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606351/; classtype:trojan-activity;sid:84469451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606352/; classtype:trojan-activity;sid:84469452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606349/; classtype:trojan-activity;sid:84469449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606339/; classtype:trojan-activity;sid:84469439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606340/; classtype:trojan-activity;sid:84469440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606341/; classtype:trojan-activity;sid:84469441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606342/; classtype:trojan-activity;sid:84469442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606343/; classtype:trojan-activity;sid:84469443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606344/; classtype:trojan-activity;sid:84469444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606345/; classtype:trojan-activity;sid:84469445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606346/; classtype:trojan-activity;sid:84469446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"89.213.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606347/; classtype:trojan-activity;sid:84469447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606348/; classtype:trojan-activity;sid:84469448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.41.213"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606338/; classtype:trojan-activity;sid:84469438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.89.46"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606337/; classtype:trojan-activity;sid:84469437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.110.115"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606336/; classtype:trojan-activity;sid:84469436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.186.51"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606335/; classtype:trojan-activity;sid:84469435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.89.46"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606334/; classtype:trojan-activity;sid:84469434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.111.41.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606333/; classtype:trojan-activity;sid:84469433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.183.170.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606332/; classtype:trojan-activity;sid:84469432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.176.243"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606331/; classtype:trojan-activity;sid:84469431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.183.170.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606330/; classtype:trojan-activity;sid:84469430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.24.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606329/; classtype:trojan-activity;sid:84469429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.222.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606328/; classtype:trojan-activity;sid:84469428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.135.74"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606327/; classtype:trojan-activity;sid:84469427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.111.41.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606326/; classtype:trojan-activity;sid:84469426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606325/; classtype:trojan-activity;sid:84469425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.160.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606324/; classtype:trojan-activity;sid:84469424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.176.243"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606323/; classtype:trojan-activity;sid:84469423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.73.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606322/; classtype:trojan-activity;sid:84469422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.58.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606321/; classtype:trojan-activity;sid:84469421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.122.52.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606320/; classtype:trojan-activity;sid:84469420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.160.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606319/; classtype:trojan-activity;sid:84469419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.220.233"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606318/; classtype:trojan-activity;sid:84469418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.73.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606317/; classtype:trojan-activity;sid:84469417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.219.147"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606316/; classtype:trojan-activity;sid:84469416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.63.93"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606315/; classtype:trojan-activity;sid:84469415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.220.233"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606314/; classtype:trojan-activity;sid:84469414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.210.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606313/; classtype:trojan-activity;sid:84469413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606312/; classtype:trojan-activity;sid:84469412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.124.45.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606311/; classtype:trojan-activity;sid:84469411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606310/; classtype:trojan-activity;sid:84469410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606309/; classtype:trojan-activity;sid:84469409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.210.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606308/; classtype:trojan-activity;sid:84469408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.85.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606307/; classtype:trojan-activity;sid:84469407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.234.69"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606306/; classtype:trojan-activity;sid:84469406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.88.250"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606305/; classtype:trojan-activity;sid:84469405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.89.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606304/; classtype:trojan-activity;sid:84469404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.60.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606303/; classtype:trojan-activity;sid:84469403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.255.55"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606302/; classtype:trojan-activity;sid:84469402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.68"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606301/; classtype:trojan-activity;sid:84469401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.244.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606300/; classtype:trojan-activity;sid:84469400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.218.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606299/; classtype:trojan-activity;sid:84469399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.60.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606298/; classtype:trojan-activity;sid:84469398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.244.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606297/; classtype:trojan-activity;sid:84469397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.141.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606296/; classtype:trojan-activity;sid:84469396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.185.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606295/; classtype:trojan-activity;sid:84469395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.252.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606294/; classtype:trojan-activity;sid:84469394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.252.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606293/; classtype:trojan-activity;sid:84469393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.11.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606292/; classtype:trojan-activity;sid:84469392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.105.178"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606291/; classtype:trojan-activity;sid:84469391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.185.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606289/; classtype:trojan-activity;sid:84469389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.141.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606290/; classtype:trojan-activity;sid:84469390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.21.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606288/; classtype:trojan-activity;sid:84469388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.91.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606287/; classtype:trojan-activity;sid:84469387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.11.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606286/; classtype:trojan-activity;sid:84469386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.111.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606285/; classtype:trojan-activity;sid:84469385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.255.55"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606284/; classtype:trojan-activity;sid:84469384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.236.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606283/; classtype:trojan-activity;sid:84469383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606282/; classtype:trojan-activity;sid:84469382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/wp-machinery-skeletale/index.php|3f|r=bd1odhrwczovl2rxcmridi5jb20v"; depth:86; endswith; nocase; http.host; content:"totalpropertycare.ae"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606281/; classtype:trojan-activity;sid:84469381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.161.214.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606280/; classtype:trojan-activity;sid:84469380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.119.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606278/; classtype:trojan-activity;sid:84469378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.122.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606279/; classtype:trojan-activity;sid:84469379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606277/; classtype:trojan-activity;sid:84469377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.86.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606276/; classtype:trojan-activity;sid:84469376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.49.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606274/; classtype:trojan-activity;sid:84469374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.220.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606275/; classtype:trojan-activity;sid:84469375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"87.248.130.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606273/; classtype:trojan-activity;sid:84469373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.236.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606272/; classtype:trojan-activity;sid:84469372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.46.30.63"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606271/; classtype:trojan-activity;sid:84469371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606270/; classtype:trojan-activity;sid:84469370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.137.237"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606269/; classtype:trojan-activity;sid:84469369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.46.30.63"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606268/; classtype:trojan-activity;sid:84469368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606267/; classtype:trojan-activity;sid:84469367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.24.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606266/; classtype:trojan-activity;sid:84469366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.137.237"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606265/; classtype:trojan-activity;sid:84469365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.234.142"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606264/; classtype:trojan-activity;sid:84469364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.20.247"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606262/; classtype:trojan-activity;sid:84469362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.193.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606263/; classtype:trojan-activity;sid:84469363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.55.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606261/; classtype:trojan-activity;sid:84469361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.102.113"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606260/; classtype:trojan-activity;sid:84469360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.236.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606259/; classtype:trojan-activity;sid:84469359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.38.146"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606258/; classtype:trojan-activity;sid:84469358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.168.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606257/; classtype:trojan-activity;sid:84469357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.28.63.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606256/; classtype:trojan-activity;sid:84469356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.28.63.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606255/; classtype:trojan-activity;sid:84469355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.168.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606254/; classtype:trojan-activity;sid:84469354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.116.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606252/; classtype:trojan-activity;sid:84469352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606253/; classtype:trojan-activity;sid:84469353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.46.213"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606251/; classtype:trojan-activity;sid:84469351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.53.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606250/; classtype:trojan-activity;sid:84469350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc"; depth:14; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606249/; classtype:trojan-activity;sid:84469349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606248/; classtype:trojan-activity;sid:84469348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606246/; classtype:trojan-activity;sid:84469346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606247/; classtype:trojan-activity;sid:84469347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606245/; classtype:trojan-activity;sid:84469345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.aarch64"; depth:14; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606238/; classtype:trojan-activity;sid:84469338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc"; depth:14; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606239/; classtype:trojan-activity;sid:84469339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606240/; classtype:trojan-activity;sid:84469340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606241/; classtype:trojan-activity;sid:84469341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606242/; classtype:trojan-activity;sid:84469342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606243/; classtype:trojan-activity;sid:84469343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606244/; classtype:trojan-activity;sid:84469344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606233/; classtype:trojan-activity;sid:84469333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i686"; depth:11; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606234/; classtype:trojan-activity;sid:84469334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606235/; classtype:trojan-activity;sid:84469335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606236/; classtype:trojan-activity;sid:84469336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i686"; depth:11; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606237/; classtype:trojan-activity;sid:84469337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.aarch64"; depth:14; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606228/; classtype:trojan-activity;sid:84469328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606229/; classtype:trojan-activity;sid:84469329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606230/; classtype:trojan-activity;sid:84469330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606231/; classtype:trojan-activity;sid:84469331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606232/; classtype:trojan-activity;sid:84469332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606226/; classtype:trojan-activity;sid:84469326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606227/; classtype:trojan-activity;sid:84469327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.46.213"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606225/; classtype:trojan-activity;sid:84469325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.99.3"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606224/; classtype:trojan-activity;sid:84469324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606223/; classtype:trojan-activity;sid:84469323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.195.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606222/; classtype:trojan-activity;sid:84469322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.10.94"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606221/; classtype:trojan-activity;sid:84469321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipcam.tplink.sh"; depth:16; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606220/; classtype:trojan-activity;sid:84469320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.142.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606219/; classtype:trojan-activity;sid:84469319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipcam.tplink.sh"; depth:16; endswith; nocase; http.host; content:"176.65.149.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606218/; classtype:trojan-activity;sid:84469318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606217/; classtype:trojan-activity;sid:84469317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.arm5"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606216/; classtype:trojan-activity;sid:84469316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.x86_64"; depth:13; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606215/; classtype:trojan-activity;sid:84469315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606213/; classtype:trojan-activity;sid:84469313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606214/; classtype:trojan-activity;sid:84469314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.arm"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606212/; classtype:trojan-activity;sid:84469312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.x86"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606203/; classtype:trojan-activity;sid:84469303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.arm6"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606204/; classtype:trojan-activity;sid:84469304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.ppc"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606205/; classtype:trojan-activity;sid:84469305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.arm7"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606206/; classtype:trojan-activity;sid:84469306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.sh4"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606207/; classtype:trojan-activity;sid:84469307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.mpsl"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606208/; classtype:trojan-activity;sid:84469308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.spc"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606209/; classtype:trojan-activity;sid:84469309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipcam.tplink.sh"; depth:16; endswith; nocase; http.host; content:"87.121.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606210/; classtype:trojan-activity;sid:84469310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.i686"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606211/; classtype:trojan-activity;sid:84469311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5254702106/trvb3co.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606201/; classtype:trojan-activity;sid:84469301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morte.mips"; depth:11; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606202/; classtype:trojan-activity;sid:84469302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1704139695/9htpxu7.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606198/; classtype:trojan-activity;sid:84469298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8195209518/beyhxrp.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606199/; classtype:trojan-activity;sid:84469299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/z12fool.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606200/; classtype:trojan-activity;sid:84469300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.112.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606197/; classtype:trojan-activity;sid:84469297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/core.ps1"; depth:9; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606196/; classtype:trojan-activity;sid:84469296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.ps1"; depth:10; endswith; nocase; http.host; content:"57.155.1.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606195/; classtype:trojan-activity;sid:84469295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener.vbs"; depth:13; endswith; nocase; http.host; content:"94.26.90.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606193/; classtype:trojan-activity;sid:84469293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener1.vbs"; depth:14; endswith; nocase; http.host; content:"94.26.90.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606194/; classtype:trojan-activity;sid:84469294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rot.ps1"; depth:8; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606192/; classtype:trojan-activity;sid:84469292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/layer.ps1.save"; depth:15; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606191/; classtype:trojan-activity;sid:84469291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proceso.vbs"; depth:12; endswith; nocase; http.host; content:"94.26.90.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606190/; classtype:trojan-activity;sid:84469290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.exe"; depth:10; endswith; nocase; http.host; content:"57.155.1.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606189/; classtype:trojan-activity;sid:84469289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.bat"; depth:11; endswith; nocase; http.host; content:"57.155.1.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606186/; classtype:trojan-activity;sid:84469286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.zip"; depth:10; endswith; nocase; http.host; content:"57.155.1.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606187/; classtype:trojan-activity;sid:84469287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.vbs"; depth:10; endswith; nocase; http.host; content:"57.155.1.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606188/; classtype:trojan-activity;sid:84469288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neocore.ps1"; depth:12; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606181/; classtype:trojan-activity;sid:84469281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neoesdras.ps1"; depth:14; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606182/; classtype:trojan-activity;sid:84469282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/core.ps1.save"; depth:14; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606183/; classtype:trojan-activity;sid:84469283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mscwindows.vbs"; depth:15; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606184/; classtype:trojan-activity;sid:84469284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/layer.enc"; depth:10; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606185/; classtype:trojan-activity;sid:84469285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.vbs"; depth:12; endswith; nocase; http.host; content:"94.26.90.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606180/; classtype:trojan-activity;sid:84469280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkneoesdras.ps1"; depth:18; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606175/; classtype:trojan-activity;sid:84469275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuyiuyqwyiqueyiueyi/run.vbs"; depth:28; endswith; nocase; http.host; content:"64.176.207.81"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606176/; classtype:trojan-activity;sid:84469276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdlfkjsaldkjfsd/run.vbs"; depth:25; endswith; nocase; http.host; content:"64.176.207.81"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606177/; classtype:trojan-activity;sid:84469277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/layer.ps1"; depth:10; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606178/; classtype:trojan-activity;sid:84469278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mscwindows.ps1"; depth:15; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606179/; classtype:trojan-activity;sid:84469279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obfuscated.txt"; depth:15; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606173/; classtype:trojan-activity;sid:84469273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/core.ps1.save.1"; depth:16; endswith; nocase; http.host; content:"31.57.35.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606174/; classtype:trojan-activity;sid:84469274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.51"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606171/; classtype:trojan-activity;sid:84469271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606172/; classtype:trojan-activity;sid:84469272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606170/; classtype:trojan-activity;sid:84469270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.88.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606169/; classtype:trojan-activity;sid:84469269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.138.11"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606168/; classtype:trojan-activity;sid:84469268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.252.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606167/; classtype:trojan-activity;sid:84469267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.25.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606166/; classtype:trojan-activity;sid:84469266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.137.46.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606165/; classtype:trojan-activity;sid:84469265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606164/; classtype:trojan-activity;sid:84469264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606163/; classtype:trojan-activity;sid:84469263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.201.84.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606162/; classtype:trojan-activity;sid:84469262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"58.181.246.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606161/; classtype:trojan-activity;sid:84469261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.203.31.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606160/; classtype:trojan-activity;sid:84469260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.227.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606159/; classtype:trojan-activity;sid:84469259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.51"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606158/; classtype:trojan-activity;sid:84469258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.173.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606157/; classtype:trojan-activity;sid:84469257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606156/; classtype:trojan-activity;sid:84469256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.3.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606155/; classtype:trojan-activity;sid:84469255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.252.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606154/; classtype:trojan-activity;sid:84469254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.25.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606153/; classtype:trojan-activity;sid:84469253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.138.11"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606152/; classtype:trojan-activity;sid:84469252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.227.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606151/; classtype:trojan-activity;sid:84469251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.3.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606150/; classtype:trojan-activity;sid:84469250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.108.243"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606149/; classtype:trojan-activity;sid:84469249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.24.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606148/; classtype:trojan-activity;sid:84469248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"159.192.175.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606147/; classtype:trojan-activity;sid:84469247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.157.227.230"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606146/; classtype:trojan-activity;sid:84469246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.5.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606145/; classtype:trojan-activity;sid:84469245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.177.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606144/; classtype:trojan-activity;sid:84469244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.28.91"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606143/; classtype:trojan-activity;sid:84469243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.248.15.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606141/; classtype:trojan-activity;sid:84469241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.50.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606140/; classtype:trojan-activity;sid:84469240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606139/; classtype:trojan-activity;sid:84469239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606134/; classtype:trojan-activity;sid:84469234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606135/; classtype:trojan-activity;sid:84469235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606136/; classtype:trojan-activity;sid:84469236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606137/; classtype:trojan-activity;sid:84469237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606138/; classtype:trojan-activity;sid:84469238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606133/; classtype:trojan-activity;sid:84469233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606128/; classtype:trojan-activity;sid:84469228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606129/; classtype:trojan-activity;sid:84469229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606130/; classtype:trojan-activity;sid:84469230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606131/; classtype:trojan-activity;sid:84469231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606132/; classtype:trojan-activity;sid:84469232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606124/; classtype:trojan-activity;sid:84469224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606125/; classtype:trojan-activity;sid:84469225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606126/; classtype:trojan-activity;sid:84469226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606127/; classtype:trojan-activity;sid:84469227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606122/; classtype:trojan-activity;sid:84469222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"s3ov838.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606123/; classtype:trojan-activity;sid:84469223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.177.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606121/; classtype:trojan-activity;sid:84469221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606120/; classtype:trojan-activity;sid:84469220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606113/; classtype:trojan-activity;sid:84469213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606114/; classtype:trojan-activity;sid:84469214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606115/; classtype:trojan-activity;sid:84469215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606116/; classtype:trojan-activity;sid:84469216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606117/; classtype:trojan-activity;sid:84469217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606118/; classtype:trojan-activity;sid:84469218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606119/; classtype:trojan-activity;sid:84469219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606104/; classtype:trojan-activity;sid:84469204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606105/; classtype:trojan-activity;sid:84469205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606106/; classtype:trojan-activity;sid:84469206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606107/; classtype:trojan-activity;sid:84469207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606108/; classtype:trojan-activity;sid:84469208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606109/; classtype:trojan-activity;sid:84469209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606110/; classtype:trojan-activity;sid:84469210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606111/; classtype:trojan-activity;sid:84469211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"snoopdogweed.n0rv3m.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606112/; classtype:trojan-activity;sid:84469212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606103/; classtype:trojan-activity;sid:84469203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606102/; classtype:trojan-activity;sid:84469202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606101/; classtype:trojan-activity;sid:84469201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606099/; classtype:trojan-activity;sid:84469199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606100/; classtype:trojan-activity;sid:84469200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606097/; classtype:trojan-activity;sid:84469197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606098/; classtype:trojan-activity;sid:84469198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606095/; classtype:trojan-activity;sid:84469195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606096/; classtype:trojan-activity;sid:84469196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606090/; classtype:trojan-activity;sid:84469190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606091/; classtype:trojan-activity;sid:84469191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606092/; classtype:trojan-activity;sid:84469192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606093/; classtype:trojan-activity;sid:84469193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606094/; classtype:trojan-activity;sid:84469194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606084/; classtype:trojan-activity;sid:84469184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606085/; classtype:trojan-activity;sid:84469185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606086/; classtype:trojan-activity;sid:84469186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606087/; classtype:trojan-activity;sid:84469187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606088/; classtype:trojan-activity;sid:84469188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606089/; classtype:trojan-activity;sid:84469189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606082/; classtype:trojan-activity;sid:84469182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606083/; classtype:trojan-activity;sid:84469183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606075/; classtype:trojan-activity;sid:84469175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606076/; classtype:trojan-activity;sid:84469176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606077/; classtype:trojan-activity;sid:84469177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606078/; classtype:trojan-activity;sid:84469178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606079/; classtype:trojan-activity;sid:84469179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606080/; classtype:trojan-activity;sid:84469180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606081/; classtype:trojan-activity;sid:84469181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606074/; classtype:trojan-activity;sid:84469174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"s3ov8.ddns.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606070/; classtype:trojan-activity;sid:84469170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606071/; classtype:trojan-activity;sid:84469171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606072/; classtype:trojan-activity;sid:84469172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"nigga.dstat.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606073/; classtype:trojan-activity;sid:84469173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606069/; classtype:trojan-activity;sid:84469169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606067/; classtype:trojan-activity;sid:84469167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606068/; classtype:trojan-activity;sid:84469168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606060/; classtype:trojan-activity;sid:84469160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606061/; classtype:trojan-activity;sid:84469161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606062/; classtype:trojan-activity;sid:84469162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606063/; classtype:trojan-activity;sid:84469163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606064/; classtype:trojan-activity;sid:84469164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606065/; classtype:trojan-activity;sid:84469165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606066/; classtype:trojan-activity;sid:84469166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606059/; classtype:trojan-activity;sid:84469159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606049/; classtype:trojan-activity;sid:84469149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606050/; classtype:trojan-activity;sid:84469150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606051/; classtype:trojan-activity;sid:84469151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606052/; classtype:trojan-activity;sid:84469152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606053/; classtype:trojan-activity;sid:84469153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606054/; classtype:trojan-activity;sid:84469154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606055/; classtype:trojan-activity;sid:84469155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606056/; classtype:trojan-activity;sid:84469156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606057/; classtype:trojan-activity;sid:84469157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606058/; classtype:trojan-activity;sid:84469158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606041/; classtype:trojan-activity;sid:84469141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606042/; classtype:trojan-activity;sid:84469142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606043/; classtype:trojan-activity;sid:84469143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606044/; classtype:trojan-activity;sid:84469144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606045/; classtype:trojan-activity;sid:84469145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606046/; classtype:trojan-activity;sid:84469146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606047/; classtype:trojan-activity;sid:84469147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606048/; classtype:trojan-activity;sid:84469148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606027/; classtype:trojan-activity;sid:84469127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606028/; classtype:trojan-activity;sid:84469128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606029/; classtype:trojan-activity;sid:84469129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606030/; classtype:trojan-activity;sid:84469130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606031/; classtype:trojan-activity;sid:84469131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606032/; classtype:trojan-activity;sid:84469132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606033/; classtype:trojan-activity;sid:84469133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606034/; classtype:trojan-activity;sid:84469134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606035/; classtype:trojan-activity;sid:84469135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606036/; classtype:trojan-activity;sid:84469136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606037/; classtype:trojan-activity;sid:84469137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606038/; classtype:trojan-activity;sid:84469138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606039/; classtype:trojan-activity;sid:84469139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606040/; classtype:trojan-activity;sid:84469140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"bodypopo.darrenofficial.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606022/; classtype:trojan-activity;sid:84469122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606023/; classtype:trojan-activity;sid:84469123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606024/; classtype:trojan-activity;sid:84469124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"moe.livesync.hyghbyte.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606025/; classtype:trojan-activity;sid:84469125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"181.214.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606026/; classtype:trojan-activity;sid:84469126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.255.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606021/; classtype:trojan-activity;sid:84469121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606019/; classtype:trojan-activity;sid:84469119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606020/; classtype:trojan-activity;sid:84469120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606017/; classtype:trojan-activity;sid:84469117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606018/; classtype:trojan-activity;sid:84469118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606015/; classtype:trojan-activity;sid:84469115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606016/; classtype:trojan-activity;sid:84469116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm4"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606014/; classtype:trojan-activity;sid:84469114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606007/; classtype:trojan-activity;sid:84469107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606008/; classtype:trojan-activity;sid:84469108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606009/; classtype:trojan-activity;sid:84469109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606010/; classtype:trojan-activity;sid:84469110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606011/; classtype:trojan-activity;sid:84469111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606012/; classtype:trojan-activity;sid:84469112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606013/; classtype:trojan-activity;sid:84469113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606006/; classtype:trojan-activity;sid:84469106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.arm7_32"; depth:19; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606005/; classtype:trojan-activity;sid:84469105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.arm6_32"; depth:19; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606004/; classtype:trojan-activity;sid:84469104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.armv4_32"; depth:20; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606003/; classtype:trojan-activity;sid:84469103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.mpsl_32"; depth:19; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606001/; classtype:trojan-activity;sid:84469101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.m68k"; depth:16; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606002/; classtype:trojan-activity;sid:84469102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.x86_32"; depth:18; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605995/; classtype:trojan-activity;sid:84469095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.mips_32"; depth:19; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605996/; classtype:trojan-activity;sid:84469096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.arm5_32"; depth:19; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605997/; classtype:trojan-activity;sid:84469097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmao.sh"; depth:8; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605998/; classtype:trojan-activity;sid:84469098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.sh4"; depth:15; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605999/; classtype:trojan-activity;sid:84469099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot/mynode.ppc_32"; depth:18; endswith; nocase; http.host; content:"196.251.71.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606000/; classtype:trojan-activity;sid:84469100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.224.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605994/; classtype:trojan-activity;sid:84469094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"18.171.150.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605986/; classtype:trojan-activity;sid:84469086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"192.238.128.167"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605987/; classtype:trojan-activity;sid:84469087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.160.245.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605988/; classtype:trojan-activity;sid:84469088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.221.240.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605989/; classtype:trojan-activity;sid:84469089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.52.208.143"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605990/; classtype:trojan-activity;sid:84469090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.94.112.86"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605991/; classtype:trojan-activity;sid:84469091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.102.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605992/; classtype:trojan-activity;sid:84469092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.187.25.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605993/; classtype:trojan-activity;sid:84469093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.52.162.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605985/; classtype:trojan-activity;sid:84469085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605984/; classtype:trojan-activity;sid:84469084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.248.15.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605983/; classtype:trojan-activity;sid:84469083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605975/; classtype:trojan-activity;sid:84469075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"98.159.110.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605976/; classtype:trojan-activity;sid:84469076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605977/; classtype:trojan-activity;sid:84469077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605978/; classtype:trojan-activity;sid:84469078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"160.30.231.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605979/; classtype:trojan-activity;sid:84469079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.102.21.22"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605980/; classtype:trojan-activity;sid:84469080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.69.98.230"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605981/; classtype:trojan-activity;sid:84469081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.44.139.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605982/; classtype:trojan-activity;sid:84469082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/csky"; depth:5; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605963/; classtype:trojan-activity;sid:84469063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605964/; classtype:trojan-activity;sid:84469064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605965/; classtype:trojan-activity;sid:84469065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605966/; classtype:trojan-activity;sid:84469066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605967/; classtype:trojan-activity;sid:84469067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605968/; classtype:trojan-activity;sid:84469068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605969/; classtype:trojan-activity;sid:84469069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605970/; classtype:trojan-activity;sid:84469070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605971/; classtype:trojan-activity;sid:84469071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605972/; classtype:trojan-activity;sid:84469072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605973/; classtype:trojan-activity;sid:84469073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605974/; classtype:trojan-activity;sid:84469074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.149.13.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605961/; classtype:trojan-activity;sid:84469061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.118.154.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605962/; classtype:trojan-activity;sid:84469062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.235.255.236"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605960/; classtype:trojan-activity;sid:84469060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.46.2.7"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605959/; classtype:trojan-activity;sid:84469059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.235.133.27"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605953/; classtype:trojan-activity;sid:84469053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.255.10.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605954/; classtype:trojan-activity;sid:84469054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.214.100"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605955/; classtype:trojan-activity;sid:84469055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.130.29.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605956/; classtype:trojan-activity;sid:84469056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.225.18.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605957/; classtype:trojan-activity;sid:84469057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.4.1.150"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605958/; classtype:trojan-activity;sid:84469058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.218.100.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605952/; classtype:trojan-activity;sid:84469052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.143.255.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605951/; classtype:trojan-activity;sid:84469051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.235.220.140"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605950/; classtype:trojan-activity;sid:84469050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.167.42.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605949/; classtype:trojan-activity;sid:84469049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.183.51.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605948/; classtype:trojan-activity;sid:84469048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.26.55.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605947/; classtype:trojan-activity;sid:84469047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.28.20.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605946/; classtype:trojan-activity;sid:84469046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.195.226"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605945/; classtype:trojan-activity;sid:84469045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.183.51.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605941/; classtype:trojan-activity;sid:84469041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.28.20.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605942/; classtype:trojan-activity;sid:84469042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"143.255.240.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605943/; classtype:trojan-activity;sid:84469043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.37.186.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605944/; classtype:trojan-activity;sid:84469044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"27.74.60.113"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605940/; classtype:trojan-activity;sid:84469040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.136.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605939/; classtype:trojan-activity;sid:84469039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.146.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605938/; classtype:trojan-activity;sid:84469038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/acme-challenge/richpy/ssmtp4.zip"; depth:45; endswith; nocase; http.host; content:"ortopie.phuyufact.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605937/; classtype:trojan-activity;sid:84469037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.227.132.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605936/; classtype:trojan-activity;sid:84469036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.83.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605935/; classtype:trojan-activity;sid:84469035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/milkrun/work_approval_pdf3.clientsetup.msi"; depth:43; endswith; nocase; http.host; content:"scanwellhaulage.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605934/; classtype:trojan-activity;sid:84469034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.140.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605933/; classtype:trojan-activity;sid:84469033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605931/; classtype:trojan-activity;sid:84469031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.255.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605932/; classtype:trojan-activity;sid:84469032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudbase.exe"; depth:14; endswith; nocase; http.host; content:"45.132.238.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605930/; classtype:trojan-activity;sid:84469030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.227.132.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605929/; classtype:trojan-activity;sid:84469029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.8.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605928/; classtype:trojan-activity;sid:84469028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.108.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605927/; classtype:trojan-activity;sid:84469027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.219.147"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605926/; classtype:trojan-activity;sid:84469026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.11.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605925/; classtype:trojan-activity;sid:84469025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.83.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605924/; classtype:trojan-activity;sid:84469024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605914/; classtype:trojan-activity;sid:84469014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605915/; classtype:trojan-activity;sid:84469015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605916/; classtype:trojan-activity;sid:84469016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605917/; classtype:trojan-activity;sid:84469017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605918/; classtype:trojan-activity;sid:84469018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605919/; classtype:trojan-activity;sid:84469019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605920/; classtype:trojan-activity;sid:84469020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605921/; classtype:trojan-activity;sid:84469021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605922/; classtype:trojan-activity;sid:84469022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.17.187"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605923/; classtype:trojan-activity;sid:84469023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605912/; classtype:trojan-activity;sid:84469012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605913/; classtype:trojan-activity;sid:84469013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605910/; classtype:trojan-activity;sid:84469010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605911/; classtype:trojan-activity;sid:84469011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605909/; classtype:trojan-activity;sid:84469009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605907/; classtype:trojan-activity;sid:84469007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605908/; classtype:trojan-activity;sid:84469008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605904/; classtype:trojan-activity;sid:84469004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605905/; classtype:trojan-activity;sid:84469005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605906/; classtype:trojan-activity;sid:84469006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605903/; classtype:trojan-activity;sid:84469003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605902/; classtype:trojan-activity;sid:84469002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605901/; classtype:trojan-activity;sid:84469001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server"; depth:7; endswith; nocase; http.host; content:"193.233.113.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605900/; classtype:trojan-activity;sid:84469000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.zip"; depth:11; endswith; nocase; http.host; content:"193.233.113.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605899/; classtype:trojan-activity;sid:84468999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.93.108.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605898/; classtype:trojan-activity;sid:84468998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.124.147"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605897/; classtype:trojan-activity;sid:84468997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.26.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605896/; classtype:trojan-activity;sid:84468996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.49.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605895/; classtype:trojan-activity;sid:84468995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605894/; classtype:trojan-activity;sid:84468994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xps.dof"; depth:8; endswith; nocase; http.host; content:"185.102.115.69"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605893/; classtype:trojan-activity;sid:84468993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605891/; classtype:trojan-activity;sid:84468991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"160.30.21.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605892/; classtype:trojan-activity;sid:84468992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.32.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605890/; classtype:trojan-activity;sid:84468990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605889/; classtype:trojan-activity;sid:84468989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.148.224.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605888/; classtype:trojan-activity;sid:84468988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.131.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605887/; classtype:trojan-activity;sid:84468987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.192.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605886/; classtype:trojan-activity;sid:84468986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.192.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605885/; classtype:trojan-activity;sid:84468985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.7.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605884/; classtype:trojan-activity;sid:84468984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.zip"; depth:8; endswith; nocase; http.host; content:"130.61.147.74"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605878/; classtype:trojan-activity;sid:84468978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.95.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605879/; classtype:trojan-activity;sid:84468979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.226.242"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605880/; classtype:trojan-activity;sid:84468980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.159.91.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605881/; classtype:trojan-activity;sid:84468981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.159.91.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605882/; classtype:trojan-activity;sid:84468982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605883/; classtype:trojan-activity;sid:84468983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605877/; classtype:trojan-activity;sid:84468977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8017652646/ykccbkn.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605876/; classtype:trojan-activity;sid:84468976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1229664666/8ihvfh8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605875/; classtype:trojan-activity;sid:84468975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.111.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605874/; classtype:trojan-activity;sid:84468974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605873/; classtype:trojan-activity;sid:84468973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.198.52"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605872/; classtype:trojan-activity;sid:84468972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605871/; classtype:trojan-activity;sid:84468971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.tkg.sh"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605870/; classtype:trojan-activity;sid:84468970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"174.163.48.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605869/; classtype:trojan-activity;sid:84468969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.130.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605868/; classtype:trojan-activity;sid:84468968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.52"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605867/; classtype:trojan-activity;sid:84468967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.93.176"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605866/; classtype:trojan-activity;sid:84468966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.137.46.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605865/; classtype:trojan-activity;sid:84468965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.146.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605864/; classtype:trojan-activity;sid:84468964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.36.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605863/; classtype:trojan-activity;sid:84468963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"174.163.48.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605862/; classtype:trojan-activity;sid:84468962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.46.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605861/; classtype:trojan-activity;sid:84468961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.146.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605860/; classtype:trojan-activity;sid:84468960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.130.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605859/; classtype:trojan-activity;sid:84468959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.119.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605858/; classtype:trojan-activity;sid:84468958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.224.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605857/; classtype:trojan-activity;sid:84468957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7425234736/4ghsyup.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605856/; classtype:trojan-activity;sid:84468956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.93.176"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605855/; classtype:trojan-activity;sid:84468955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1509384686/sjovrne.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605854/; classtype:trojan-activity;sid:84468954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1509384686/nw1jmqq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605852/; classtype:trojan-activity;sid:84468952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/271085713/q2znqkl.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605853/; classtype:trojan-activity;sid:84468953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/271085713/pblwkbq.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605851/; classtype:trojan-activity;sid:84468951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7425234736/4ghsyup.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605850/; classtype:trojan-activity;sid:84468950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1509384686/5wagdze.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605848/; classtype:trojan-activity;sid:84468948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1509384686/qxlb4t5.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605849/; classtype:trojan-activity;sid:84468949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.184.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605847/; classtype:trojan-activity;sid:84468947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.46.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605845/; classtype:trojan-activity;sid:84468945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.249.15"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605846/; classtype:trojan-activity;sid:84468946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.57.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605844/; classtype:trojan-activity;sid:84468944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.55.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605843/; classtype:trojan-activity;sid:84468943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvdfnafjbmc0/plugins/cred.dll"; depth:30; endswith; nocase; http.host; content:"5.252.153.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605842/; classtype:trojan-activity;sid:84468942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvdfnafjbmc0/plugins/clip.dll"; depth:30; endswith; nocase; http.host; content:"5.252.153.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605838/; classtype:trojan-activity;sid:84468938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvdfnafjbmc0/plugins/cred64.dll"; depth:32; endswith; nocase; http.host; content:"5.252.153.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605839/; classtype:trojan-activity;sid:84468939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvdfnafjbmc0/plugins/vnc.exe"; depth:29; endswith; nocase; http.host; content:"5.252.153.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605840/; classtype:trojan-activity;sid:84468940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvdfnafjbmc0/plugins/clip64.dll"; depth:32; endswith; nocase; http.host; content:"5.252.153.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605841/; classtype:trojan-activity;sid:84468941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.119.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605837/; classtype:trojan-activity;sid:84468937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605836/; classtype:trojan-activity;sid:84468936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.37.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605835/; classtype:trojan-activity;sid:84468935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605834/; classtype:trojan-activity;sid:84468934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.205.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605833/; classtype:trojan-activity;sid:84468933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.91.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605832/; classtype:trojan-activity;sid:84468932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.130.140"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605831/; classtype:trojan-activity;sid:84468931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605830/; classtype:trojan-activity;sid:84468930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.75.188"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605829/; classtype:trojan-activity;sid:84468929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605828/; classtype:trojan-activity;sid:84468928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.114.240"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605827/; classtype:trojan-activity;sid:84468927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.242.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605826/; classtype:trojan-activity;sid:84468926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.59.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605825/; classtype:trojan-activity;sid:84468925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.58.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605824/; classtype:trojan-activity;sid:84468924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605823/; classtype:trojan-activity;sid:84468923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.233.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605821/; classtype:trojan-activity;sid:84468921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605822/; classtype:trojan-activity;sid:84468922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.1"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605820/; classtype:trojan-activity;sid:84468920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605819/; classtype:trojan-activity;sid:84468919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605817/; classtype:trojan-activity;sid:84468917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.242.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605818/; classtype:trojan-activity;sid:84468918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.112.42.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605816/; classtype:trojan-activity;sid:84468916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t8rku9ms/plugins/vnc.exe"; depth:25; endswith; nocase; http.host; content:"185.196.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605815/; classtype:trojan-activity;sid:84468915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g8jejfc38/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"62.60.227.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605814/; classtype:trojan-activity;sid:84468914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g8jejfc38/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"62.60.227.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605813/; classtype:trojan-activity;sid:84468913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/vnc.exe"; depth:25; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605810/; classtype:trojan-activity;sid:84468910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/clip.dll"; depth:26; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605811/; classtype:trojan-activity;sid:84468911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g8jejfc38/plugins/vnc.exe"; depth:26; endswith; nocase; http.host; content:"62.60.227.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605812/; classtype:trojan-activity;sid:84468912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waaagh/plugins/vnc.exe"; depth:23; endswith; nocase; http.host; content:"66.63.187.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605799/; classtype:trojan-activity;sid:84468899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waaagh/plugins/clip64.dll"; depth:26; endswith; nocase; http.host; content:"66.63.187.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605800/; classtype:trojan-activity;sid:84468900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t8rku9ms/plugins/clip64.dll"; depth:28; endswith; nocase; http.host; content:"185.196.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605801/; classtype:trojan-activity;sid:84468901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waaagh/plugins/cred.dll"; depth:24; endswith; nocase; http.host; content:"66.63.187.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605802/; classtype:trojan-activity;sid:84468902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t8rku9ms/plugins/cred.dll"; depth:26; endswith; nocase; http.host; content:"185.196.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605803/; classtype:trojan-activity;sid:84468903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g8jejfc38/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"62.60.227.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605804/; classtype:trojan-activity;sid:84468904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waaagh/plugins/cred64.dll"; depth:26; endswith; nocase; http.host; content:"66.63.187.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605805/; classtype:trojan-activity;sid:84468905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t8rku9ms/plugins/cred64.dll"; depth:28; endswith; nocase; http.host; content:"185.196.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605806/; classtype:trojan-activity;sid:84468906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g8jejfc38/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"62.60.227.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605807/; classtype:trojan-activity;sid:84468907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/cred64.dll"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605808/; classtype:trojan-activity;sid:84468908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/cred.dll"; depth:26; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605809/; classtype:trojan-activity;sid:84468909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/clip64.dll"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605796/; classtype:trojan-activity;sid:84468896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t8rku9ms/plugins/clip.dll"; depth:26; endswith; nocase; http.host; content:"185.196.11.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605797/; classtype:trojan-activity;sid:84468897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waaagh/plugins/clip.dll"; depth:24; endswith; nocase; http.host; content:"66.63.187.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605798/; classtype:trojan-activity;sid:84468898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.102.113"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605795/; classtype:trojan-activity;sid:84468895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.9.41"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605794/; classtype:trojan-activity;sid:84468894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.233.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605793/; classtype:trojan-activity;sid:84468893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.108.243"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605792/; classtype:trojan-activity;sid:84468892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.74.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605791/; classtype:trojan-activity;sid:84468891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605790/; classtype:trojan-activity;sid:84468890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.219.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605789/; classtype:trojan-activity;sid:84468889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di9ku38f/plugins/clip.dll"; depth:26; endswith; nocase; http.host; content:"94.154.35.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605788/; classtype:trojan-activity;sid:84468888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di9ku38f/plugins/cred.dll"; depth:26; endswith; nocase; http.host; content:"94.154.35.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605787/; classtype:trojan-activity;sid:84468887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di9ku38f/plugins/clip64.dll"; depth:28; endswith; nocase; http.host; content:"94.154.35.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605786/; classtype:trojan-activity;sid:84468886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/vnc.exe"; depth:25; endswith; nocase; http.host; content:"94.156.232.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605785/; classtype:trojan-activity;sid:84468885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di9ku38f/plugins/cred64.dll"; depth:28; endswith; nocase; http.host; content:"94.154.35.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605783/; classtype:trojan-activity;sid:84468883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/cred.dll"; depth:26; endswith; nocase; http.host; content:"94.156.232.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605784/; classtype:trojan-activity;sid:84468884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7ehhfaddsk/plugins/cred.dll"; depth:29; endswith; nocase; http.host; content:"85.208.84.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605782/; classtype:trojan-activity;sid:84468882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/clip64.dll"; depth:28; endswith; nocase; http.host; content:"94.156.232.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605780/; classtype:trojan-activity;sid:84468880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/clip.dll"; depth:26; endswith; nocase; http.host; content:"94.156.232.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605781/; classtype:trojan-activity;sid:84468881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7ehhfaddsk/plugins/cred64.dll"; depth:31; endswith; nocase; http.host; content:"85.208.84.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605778/; classtype:trojan-activity;sid:84468878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7ehhfaddsk/plugins/vnc.exe"; depth:28; endswith; nocase; http.host; content:"85.208.84.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605779/; classtype:trojan-activity;sid:84468879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7ehhfaddsk/plugins/clip.dll"; depth:29; endswith; nocase; http.host; content:"85.208.84.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605775/; classtype:trojan-activity;sid:84468875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di9ku38f/plugins/vnc.exe"; depth:25; endswith; nocase; http.host; content:"94.154.35.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605776/; classtype:trojan-activity;sid:84468876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ho4lu3dk/plugins/cred64.dll"; depth:28; endswith; nocase; http.host; content:"94.156.232.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605777/; classtype:trojan-activity;sid:84468877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.114.240"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605774/; classtype:trojan-activity;sid:84468874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.74.40"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605773/; classtype:trojan-activity;sid:84468873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.94.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605772/; classtype:trojan-activity;sid:84468872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.27.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605771/; classtype:trojan-activity;sid:84468871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.9.41"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605770/; classtype:trojan-activity;sid:84468870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.163.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605769/; classtype:trojan-activity;sid:84468869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9kdj3s3c2/plugins/cred.dll"; depth:28; endswith; nocase; http.host; content:"195.10.205.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605768/; classtype:trojan-activity;sid:84468868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9kdj3s3c2/plugins/vnc.exe"; depth:27; endswith; nocase; http.host; content:"195.10.205.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605767/; classtype:trojan-activity;sid:84468867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3jv8fs9b/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"196.251.85.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605764/; classtype:trojan-activity;sid:84468864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9kdj3s3c2/plugins/clip64.dll"; depth:30; endswith; nocase; http.host; content:"195.10.205.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605765/; classtype:trojan-activity;sid:84468865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3jv8fs9b/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"196.251.85.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605766/; classtype:trojan-activity;sid:84468866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9kdj3s3c2/plugins/cred64.dll"; depth:30; endswith; nocase; http.host; content:"195.10.205.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605763/; classtype:trojan-activity;sid:84468863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9kdj3s3c2/plugins/clip.dll"; depth:28; endswith; nocase; http.host; content:"195.10.205.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605762/; classtype:trojan-activity;sid:84468862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3jv8fs9b/plugins/vnc.exe"; depth:26; endswith; nocase; http.host; content:"196.251.85.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605761/; classtype:trojan-activity;sid:84468861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.219.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605760/; classtype:trojan-activity;sid:84468860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.92.31"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605759/; classtype:trojan-activity;sid:84468859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.163.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605758/; classtype:trojan-activity;sid:84468858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7hen3xxf/plugins/vnc.exe"; depth:26; endswith; nocase; http.host; content:"213.209.150.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605757/; classtype:trojan-activity;sid:84468857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7hen3xxf/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"213.209.150.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605756/; classtype:trojan-activity;sid:84468856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7hen3xxf/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"213.209.150.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605755/; classtype:trojan-activity;sid:84468855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7hen3xxf/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"213.209.150.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605754/; classtype:trojan-activity;sid:84468854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.63.244"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605753/; classtype:trojan-activity;sid:84468853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.107.21.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605752/; classtype:trojan-activity;sid:84468852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.92.31"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605751/; classtype:trojan-activity;sid:84468851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.60.142"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605750/; classtype:trojan-activity;sid:84468850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.21.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605749/; classtype:trojan-activity;sid:84468849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.124.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605747/; classtype:trojan-activity;sid:84468847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.60.142"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605746/; classtype:trojan-activity;sid:84468846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vtubers.sh"; depth:11; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605745/; classtype:trojan-activity;sid:84468845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shion.vtuber"; depth:13; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605742/; classtype:trojan-activity;sid:84468842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laplus.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605743/; classtype:trojan-activity;sid:84468843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/korone.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605744/; classtype:trojan-activity;sid:84468844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiara.vtuber"; depth:13; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605741/; classtype:trojan-activity;sid:84468841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mori.vtuber"; depth:12; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605740/; classtype:trojan-activity;sid:84468840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marine.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605730/; classtype:trojan-activity;sid:84468830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mumei.vtuber"; depth:13; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605731/; classtype:trojan-activity;sid:84468831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayame.vtuber"; depth:13; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605732/; classtype:trojan-activity;sid:84468832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subaru.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605733/; classtype:trojan-activity;sid:84468833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haachama.vtuber"; depth:16; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605734/; classtype:trojan-activity;sid:84468834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/towa.vtuber"; depth:12; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605735/; classtype:trojan-activity;sid:84468835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pekora.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605736/; classtype:trojan-activity;sid:84468836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okayu.vtuber"; depth:13; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605737/; classtype:trojan-activity;sid:84468837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amelia.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605738/; classtype:trojan-activity;sid:84468838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gura.vtuber"; depth:12; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605739/; classtype:trojan-activity;sid:84468839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fubuki.vtuber"; depth:14; endswith; nocase; http.host; content:"103.245.231.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605729/; classtype:trojan-activity;sid:84468829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.9.169"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605728/; classtype:trojan-activity;sid:84468828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.131.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605727/; classtype:trojan-activity;sid:84468827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.130.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605726/; classtype:trojan-activity;sid:84468826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.206.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605725/; classtype:trojan-activity;sid:84468825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.131.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605724/; classtype:trojan-activity;sid:84468824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605723/; classtype:trojan-activity;sid:84468823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605722/; classtype:trojan-activity;sid:84468822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605721/; classtype:trojan-activity;sid:84468821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.207.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605720/; classtype:trojan-activity;sid:84468820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605719/; classtype:trojan-activity;sid:84468819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605714/; classtype:trojan-activity;sid:84468814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605715/; classtype:trojan-activity;sid:84468815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605716/; classtype:trojan-activity;sid:84468816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605717/; classtype:trojan-activity;sid:84468817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605718/; classtype:trojan-activity;sid:84468818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.1.186"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605713/; classtype:trojan-activity;sid:84468813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkmips"; depth:9; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605712/; classtype:trojan-activity;sid:84468812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"45.125.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605711/; classtype:trojan-activity;sid:84468811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intelupdate.exe"; depth:16; endswith; nocase; http.host; content:"185.132.53.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605710/; classtype:trojan-activity;sid:84468810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.241.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605709/; classtype:trojan-activity;sid:84468809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.34.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605708/; classtype:trojan-activity;sid:84468808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php"; depth:13; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605707/; classtype:trojan-activity;sid:84468807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.30.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605706/; classtype:trojan-activity;sid:84468806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.177.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605705/; classtype:trojan-activity;sid:84468805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605704/; classtype:trojan-activity;sid:84468804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605703/; classtype:trojan-activity;sid:84468803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605701/; classtype:trojan-activity;sid:84468801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.210.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605702/; classtype:trojan-activity;sid:84468802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605699/; classtype:trojan-activity;sid:84468799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605700/; classtype:trojan-activity;sid:84468800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ksysd"; depth:7; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605698/; classtype:trojan-activity;sid:84468798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.239.248.236"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605697/; classtype:trojan-activity;sid:84468797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.31.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605694/; classtype:trojan-activity;sid:84468794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605695/; classtype:trojan-activity;sid:84468795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.1.186"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605696/; classtype:trojan-activity;sid:84468796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.164.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605688/; classtype:trojan-activity;sid:84468788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.10.2.70"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605689/; classtype:trojan-activity;sid:84468789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.92.247"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605690/; classtype:trojan-activity;sid:84468790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605691/; classtype:trojan-activity;sid:84468791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605692/; classtype:trojan-activity;sid:84468792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605693/; classtype:trojan-activity;sid:84468793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605687/; classtype:trojan-activity;sid:84468787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605685/; classtype:trojan-activity;sid:84468785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605686/; classtype:trojan-activity;sid:84468786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"202.155.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605684/; classtype:trojan-activity;sid:84468784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605683/; classtype:trojan-activity;sid:84468783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.59.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605682/; classtype:trojan-activity;sid:84468782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605680/; classtype:trojan-activity;sid:84468780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"89.213.44.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605681/; classtype:trojan-activity;sid:84468781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.116.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605679/; classtype:trojan-activity;sid:84468779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.syncd"; depth:7; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605676/; classtype:trojan-activity;sid:84468776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.rsysl"; depth:7; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605677/; classtype:trojan-activity;sid:84468777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.udevmon"; depth:9; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605678/; classtype:trojan-activity;sid:84468778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.klogd"; depth:7; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605672/; classtype:trojan-activity;sid:84468772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.rsysl"; depth:7; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605673/; classtype:trojan-activity;sid:84468773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.udevmon"; depth:9; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605674/; classtype:trojan-activity;sid:84468774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.syncd"; depth:7; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605675/; classtype:trojan-activity;sid:84468775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.kthreadd"; depth:10; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605671/; classtype:trojan-activity;sid:84468771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605664/; classtype:trojan-activity;sid:84468764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.kthreadd"; depth:10; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605665/; classtype:trojan-activity;sid:84468765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ksysd"; depth:7; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605666/; classtype:trojan-activity;sid:84468766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.upstart"; depth:9; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605667/; classtype:trojan-activity;sid:84468767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.netd"; depth:6; endswith; nocase; http.host; content:"phulocnhat2005.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605668/; classtype:trojan-activity;sid:84468768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.klogd"; depth:7; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605669/; classtype:trojan-activity;sid:84468769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.netd"; depth:6; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605670/; classtype:trojan-activity;sid:84468770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605663/; classtype:trojan-activity;sid:84468763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.upstart"; depth:9; endswith; nocase; http.host; content:"www.phulocnhat2005.duckdns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605662/; classtype:trojan-activity;sid:84468762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.164.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605661/; classtype:trojan-activity;sid:84468761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.244.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605660/; classtype:trojan-activity;sid:84468760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.210.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605659/; classtype:trojan-activity;sid:84468759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605658/; classtype:trojan-activity;sid:84468758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.udevmon"; depth:9; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605655/; classtype:trojan-activity;sid:84468755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.netd"; depth:6; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605656/; classtype:trojan-activity;sid:84468756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.kthreadd"; depth:10; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605657/; classtype:trojan-activity;sid:84468757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ksysd"; depth:7; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605654/; classtype:trojan-activity;sid:84468754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.syncd"; depth:7; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605651/; classtype:trojan-activity;sid:84468751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.upstart"; depth:9; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605652/; classtype:trojan-activity;sid:84468752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.rsysl"; depth:7; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605653/; classtype:trojan-activity;sid:84468753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.klogd"; depth:7; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605647/; classtype:trojan-activity;sid:84468747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.irqphual"; depth:10; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605648/; classtype:trojan-activity;sid:84468748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.modprophue"; depth:12; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605649/; classtype:trojan-activity;sid:84468749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605650/; classtype:trojan-activity;sid:84468750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605645/; classtype:trojan-activity;sid:84468745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605646/; classtype:trojan-activity;sid:84468746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/tps.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605644/; classtype:trojan-activity;sid:84468744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/smile.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605643/; classtype:trojan-activity;sid:84468743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/rts.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605642/; classtype:trojan-activity;sid:84468742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/qipo.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605641/; classtype:trojan-activity;sid:84468741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/pomp.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605637/; classtype:trojan-activity;sid:84468737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/poxer.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605638/; classtype:trojan-activity;sid:84468738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/vax.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605639/; classtype:trojan-activity;sid:84468739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/wbuild.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605640/; classtype:trojan-activity;sid:84468740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/whosts.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605636/; classtype:trojan-activity;sid:84468736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/xynd.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605635/; classtype:trojan-activity;sid:84468735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/safaris.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605634/; classtype:trojan-activity;sid:84468734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/mybuild.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605629/; classtype:trojan-activity;sid:84468729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/top.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605630/; classtype:trojan-activity;sid:84468730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/xtn.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605631/; classtype:trojan-activity;sid:84468731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/tops.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605632/; classtype:trojan-activity;sid:84468732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/pge.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605633/; classtype:trojan-activity;sid:84468733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.244.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605628/; classtype:trojan-activity;sid:84468728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.74.191"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605627/; classtype:trojan-activity;sid:84468727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.104.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605626/; classtype:trojan-activity;sid:84468726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.86.31"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605625/; classtype:trojan-activity;sid:84468725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.153.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605624/; classtype:trojan-activity;sid:84468724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/client.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605623/; classtype:trojan-activity;sid:84468723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/pxsd.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605622/; classtype:trojan-activity;sid:84468722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/juros.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605621/; classtype:trojan-activity;sid:84468721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/doge.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605620/; classtype:trojan-activity;sid:84468720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/josh.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605618/; classtype:trojan-activity;sid:84468718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/devl.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605619/; classtype:trojan-activity;sid:84468719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/libcurl.dll"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605615/; classtype:trojan-activity;sid:84468715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/juro.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605616/; classtype:trojan-activity;sid:84468716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/doges.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605617/; classtype:trojan-activity;sid:84468717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/rolexr1.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605603/; classtype:trojan-activity;sid:84468703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/krdzio.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605604/; classtype:trojan-activity;sid:84468704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/cos.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605605/; classtype:trojan-activity;sid:84468705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/amx.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605606/; classtype:trojan-activity;sid:84468706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/arx.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605607/; classtype:trojan-activity;sid:84468707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/cosp11.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605608/; classtype:trojan-activity;sid:84468708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/juro-a.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605609/; classtype:trojan-activity;sid:84468709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/jurov.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605610/; classtype:trojan-activity;sid:84468710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/frp.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605611/; classtype:trojan-activity;sid:84468711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/devl1.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605612/; classtype:trojan-activity;sid:84468712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/pxs.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605613/; classtype:trojan-activity;sid:84468713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/mosco.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605614/; classtype:trojan-activity;sid:84468714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/dd.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605600/; classtype:trojan-activity;sid:84468700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/pdfescape.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605601/; classtype:trojan-activity;sid:84468701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/client-built.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605602/; classtype:trojan-activity;sid:84468702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.252.242"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605599/; classtype:trojan-activity;sid:84468699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.173.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605598/; classtype:trojan-activity;sid:84468698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.35.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605597/; classtype:trojan-activity;sid:84468697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.104.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605596/; classtype:trojan-activity;sid:84468696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.78.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605595/; classtype:trojan-activity;sid:84468695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.83.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605594/; classtype:trojan-activity;sid:84468694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.173.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605593/; classtype:trojan-activity;sid:84468693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605592/; classtype:trojan-activity;sid:84468692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.35.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605591/; classtype:trojan-activity;sid:84468691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7hen3xxf/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"213.209.150.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605590/; classtype:trojan-activity;sid:84468690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/aug.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605589/; classtype:trojan-activity;sid:84468689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/refs/heads/main/augs.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605588/; classtype:trojan-activity;sid:84468688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.64.134.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605587/; classtype:trojan-activity;sid:84468687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.94.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605586/; classtype:trojan-activity;sid:84468686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605585/; classtype:trojan-activity;sid:84468685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605584/; classtype:trojan-activity;sid:84468684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.151.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605583/; classtype:trojan-activity;sid:84468683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.130.140"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605582/; classtype:trojan-activity;sid:84468682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.70.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605581/; classtype:trojan-activity;sid:84468681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp.sh"; depth:6; endswith; nocase; http.host; content:"156.226.174.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605580/; classtype:trojan-activity;sid:84468680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.106.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605579/; classtype:trojan-activity;sid:84468679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.94.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605578/; classtype:trojan-activity;sid:84468678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605577/; classtype:trojan-activity;sid:84468677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605576/; classtype:trojan-activity;sid:84468676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605574/; classtype:trojan-activity;sid:84468674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605575/; classtype:trojan-activity;sid:84468675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605573/; classtype:trojan-activity;sid:84468673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605572/; classtype:trojan-activity;sid:84468672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605571/; classtype:trojan-activity;sid:84468671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605562/; classtype:trojan-activity;sid:84468662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605563/; classtype:trojan-activity;sid:84468663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605564/; classtype:trojan-activity;sid:84468664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605565/; classtype:trojan-activity;sid:84468665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605566/; classtype:trojan-activity;sid:84468666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605567/; classtype:trojan-activity;sid:84468667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605568/; classtype:trojan-activity;sid:84468668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605569/; classtype:trojan-activity;sid:84468669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605570/; classtype:trojan-activity;sid:84468670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"193.151.136.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605561/; classtype:trojan-activity;sid:84468661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.132.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605560/; classtype:trojan-activity;sid:84468660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605559/; classtype:trojan-activity;sid:84468659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.240.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605558/; classtype:trojan-activity;sid:84468658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.178.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605557/; classtype:trojan-activity;sid:84468657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.220.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605556/; classtype:trojan-activity;sid:84468656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.x86"; depth:9; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605547/; classtype:trojan-activity;sid:84468647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm6l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605548/; classtype:trojan-activity;sid:84468648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm7l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605549/; classtype:trojan-activity;sid:84468649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.m68k"; depth:10; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605550/; classtype:trojan-activity;sid:84468650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mpsl"; depth:10; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605551/; classtype:trojan-activity;sid:84468651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm4l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605552/; classtype:trojan-activity;sid:84468652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605553/; classtype:trojan-activity;sid:84468653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.sh4"; depth:9; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605554/; classtype:trojan-activity;sid:84468654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm5l"; depth:11; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605555/; classtype:trojan-activity;sid:84468655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.spc"; depth:9; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605546/; classtype:trojan-activity;sid:84468646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mips"; depth:10; endswith; nocase; http.host; content:"196.251.80.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605545/; classtype:trojan-activity;sid:84468645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.253.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605544/; classtype:trojan-activity;sid:84468644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.235.37.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605543/; classtype:trojan-activity;sid:84468643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.142.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605542/; classtype:trojan-activity;sid:84468642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5561582465/b9ragxe.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605541/; classtype:trojan-activity;sid:84468641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605540/; classtype:trojan-activity;sid:84468640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605534/; classtype:trojan-activity;sid:84468634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605535/; classtype:trojan-activity;sid:84468635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605536/; classtype:trojan-activity;sid:84468636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605537/; classtype:trojan-activity;sid:84468637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.sh"; depth:9; endswith; nocase; http.host; content:"example.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605538/; classtype:trojan-activity;sid:84468638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins2.sh"; depth:9; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605539/; classtype:trojan-activity;sid:84468639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn.sh"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605533/; classtype:trojan-activity;sid:84468633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605532/; classtype:trojan-activity;sid:84468632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.235.37.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605531/; classtype:trojan-activity;sid:84468631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.225.62"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605530/; classtype:trojan-activity;sid:84468630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.220.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605529/; classtype:trojan-activity;sid:84468629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.28.246"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605528/; classtype:trojan-activity;sid:84468628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.90.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605527/; classtype:trojan-activity;sid:84468627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.213.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605526/; classtype:trojan-activity;sid:84468626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605525/; classtype:trojan-activity;sid:84468625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.225.62"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605524/; classtype:trojan-activity;sid:84468624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.17.187"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605523/; classtype:trojan-activity;sid:84468623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.242.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605522/; classtype:trojan-activity;sid:84468622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.242.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605521/; classtype:trojan-activity;sid:84468621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.203.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605520/; classtype:trojan-activity;sid:84468620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.91.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605519/; classtype:trojan-activity;sid:84468619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.82.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605518/; classtype:trojan-activity;sid:84468618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.84.213.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605517/; classtype:trojan-activity;sid:84468617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.242.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605516/; classtype:trojan-activity;sid:84468616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.228.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605515/; classtype:trojan-activity;sid:84468615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.194.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605514/; classtype:trojan-activity;sid:84468614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.31.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605513/; classtype:trojan-activity;sid:84468613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.203.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605512/; classtype:trojan-activity;sid:84468612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.228.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605511/; classtype:trojan-activity;sid:84468611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.32.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605510/; classtype:trojan-activity;sid:84468610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.117.151"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605509/; classtype:trojan-activity;sid:84468609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.46.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605508/; classtype:trojan-activity;sid:84468608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.130.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605507/; classtype:trojan-activity;sid:84468607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.136.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605506/; classtype:trojan-activity;sid:84468606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.63.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605505/; classtype:trojan-activity;sid:84468605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.15.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605504/; classtype:trojan-activity;sid:84468604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605503/; classtype:trojan-activity;sid:84468603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.46.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605502/; classtype:trojan-activity;sid:84468602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.120"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605501/; classtype:trojan-activity;sid:84468601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.82.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605500/; classtype:trojan-activity;sid:84468600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.136.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605499/; classtype:trojan-activity;sid:84468599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.68.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605498/; classtype:trojan-activity;sid:84468598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605497/; classtype:trojan-activity;sid:84468597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.93.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605496/; classtype:trojan-activity;sid:84468596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.113.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605495/; classtype:trojan-activity;sid:84468595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.192.197.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605494/; classtype:trojan-activity;sid:84468594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.19.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605493/; classtype:trojan-activity;sid:84468593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605492/; classtype:trojan-activity;sid:84468592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.208.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605491/; classtype:trojan-activity;sid:84468591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.74.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605490/; classtype:trojan-activity;sid:84468590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.178.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605489/; classtype:trojan-activity;sid:84468589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.248.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605488/; classtype:trojan-activity;sid:84468588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.47.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605487/; classtype:trojan-activity;sid:84468587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.178.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605486/; classtype:trojan-activity;sid:84468586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.147.185"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605485/; classtype:trojan-activity;sid:84468585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.113.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605484/; classtype:trojan-activity;sid:84468584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.79.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605483/; classtype:trojan-activity;sid:84468583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.159.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605482/; classtype:trojan-activity;sid:84468582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.147.185"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605481/; classtype:trojan-activity;sid:84468581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.79.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605480/; classtype:trojan-activity;sid:84468580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.28.41.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605479/; classtype:trojan-activity;sid:84468579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.167.104.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605478/; classtype:trojan-activity;sid:84468578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.126.76.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605477/; classtype:trojan-activity;sid:84468577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.192.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605476/; classtype:trojan-activity;sid:84468576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.177.108.62"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605475/; classtype:trojan-activity;sid:84468575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605474/; classtype:trojan-activity;sid:84468574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.248.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605473/; classtype:trojan-activity;sid:84468573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.135.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605472/; classtype:trojan-activity;sid:84468572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.64.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605471/; classtype:trojan-activity;sid:84468571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.152.253"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605470/; classtype:trojan-activity;sid:84468570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.135.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605469/; classtype:trojan-activity;sid:84468569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.15.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605468/; classtype:trojan-activity;sid:84468568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605467/; classtype:trojan-activity;sid:84468567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.35.93.117"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605466/; classtype:trojan-activity;sid:84468566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.192.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605465/; classtype:trojan-activity;sid:84468565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.34.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605464/; classtype:trojan-activity;sid:84468564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.227.159"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605462/; classtype:trojan-activity;sid:84468562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605463/; classtype:trojan-activity;sid:84468563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.160.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605460/; classtype:trojan-activity;sid:84468560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.92.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605461/; classtype:trojan-activity;sid:84468561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.34.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605459/; classtype:trojan-activity;sid:84468559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.120.211"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605458/; classtype:trojan-activity;sid:84468558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.123.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605457/; classtype:trojan-activity;sid:84468557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.238.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605456/; classtype:trojan-activity;sid:84468556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605455/; classtype:trojan-activity;sid:84468555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.194.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605454/; classtype:trojan-activity;sid:84468554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.25.233"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605453/; classtype:trojan-activity;sid:84468553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.239.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605452/; classtype:trojan-activity;sid:84468552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.232.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605451/; classtype:trojan-activity;sid:84468551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605450/; classtype:trojan-activity;sid:84468550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.92.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605449/; classtype:trojan-activity;sid:84468549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.123.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605448/; classtype:trojan-activity;sid:84468548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.26.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605447/; classtype:trojan-activity;sid:84468547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605446/; classtype:trojan-activity;sid:84468546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.70.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605444/; classtype:trojan-activity;sid:84468544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.232.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605445/; classtype:trojan-activity;sid:84468545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605443/; classtype:trojan-activity;sid:84468543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.142.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605442/; classtype:trojan-activity;sid:84468542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.70.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605441/; classtype:trojan-activity;sid:84468541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.191.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605440/; classtype:trojan-activity;sid:84468540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.142.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605439/; classtype:trojan-activity;sid:84468539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605438/; classtype:trojan-activity;sid:84468538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605437/; classtype:trojan-activity;sid:84468537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.223.49"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605436/; classtype:trojan-activity;sid:84468536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.55.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605435/; classtype:trojan-activity;sid:84468535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.33.118"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605434/; classtype:trojan-activity;sid:84468534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.8.118.17"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605433/; classtype:trojan-activity;sid:84468533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.238.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605432/; classtype:trojan-activity;sid:84468532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.55.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605431/; classtype:trojan-activity;sid:84468531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.191.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605430/; classtype:trojan-activity;sid:84468530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.3.80"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605429/; classtype:trojan-activity;sid:84468529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loredana221/tewst/raw/refs/heads/main/owjlzu.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605428/; classtype:trojan-activity;sid:84468528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605427/; classtype:trojan-activity;sid:84468527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605425/; classtype:trojan-activity;sid:84468525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"rianid.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605426/; classtype:trojan-activity;sid:84468526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.128.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605423/; classtype:trojan-activity;sid:84468523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.57.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605424/; classtype:trojan-activity;sid:84468524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.57.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605422/; classtype:trojan-activity;sid:84468522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.239.251.108"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605419/; classtype:trojan-activity;sid:84468519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.147.40.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605420/; classtype:trojan-activity;sid:84468520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605421/; classtype:trojan-activity;sid:84468521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetigoders/lavidaloca/raw/refs/heads/main/client.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605418/; classtype:trojan-activity;sid:84468518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.24.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605417/; classtype:trojan-activity;sid:84468517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.131.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605416/; classtype:trojan-activity;sid:84468516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.241.64.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605415/; classtype:trojan-activity;sid:84468515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.235.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605413/; classtype:trojan-activity;sid:84468513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.24.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605414/; classtype:trojan-activity;sid:84468514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.103.91"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605412/; classtype:trojan-activity;sid:84468512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.3.80"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605411/; classtype:trojan-activity;sid:84468511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.76.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605410/; classtype:trojan-activity;sid:84468510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.63.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605409/; classtype:trojan-activity;sid:84468509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.195.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605408/; classtype:trojan-activity;sid:84468508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.50.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605407/; classtype:trojan-activity;sid:84468507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.110.96"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605406/; classtype:trojan-activity;sid:84468506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.192.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605405/; classtype:trojan-activity;sid:84468505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.195.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605404/; classtype:trojan-activity;sid:84468504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605403/; classtype:trojan-activity;sid:84468503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.126.76.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605402/; classtype:trojan-activity;sid:84468502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.110.96"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605401/; classtype:trojan-activity;sid:84468501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605400/; classtype:trojan-activity;sid:84468500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.192.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605399/; classtype:trojan-activity;sid:84468499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.168.230.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605398/; classtype:trojan-activity;sid:84468498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605397/; classtype:trojan-activity;sid:84468497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605396/; classtype:trojan-activity;sid:84468496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7950941868/rhxfoui.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605395/; classtype:trojan-activity;sid:84468495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7425234736/6r7gng9.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605394/; classtype:trojan-activity;sid:84468494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605393/; classtype:trojan-activity;sid:84468493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.222.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605392/; classtype:trojan-activity;sid:84468492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605391/; classtype:trojan-activity;sid:84468491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.100"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605390/; classtype:trojan-activity;sid:84468490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605389/; classtype:trojan-activity;sid:84468489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.200.108"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605388/; classtype:trojan-activity;sid:84468488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.222.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605387/; classtype:trojan-activity;sid:84468487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.168.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605386/; classtype:trojan-activity;sid:84468486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605385/; classtype:trojan-activity;sid:84468485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.216.225.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605384/; classtype:trojan-activity;sid:84468484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.54.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605383/; classtype:trojan-activity;sid:84468483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.192.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605382/; classtype:trojan-activity;sid:84468482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.70.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605381/; classtype:trojan-activity;sid:84468481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605380/; classtype:trojan-activity;sid:84468480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605379/; classtype:trojan-activity;sid:84468479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605378/; classtype:trojan-activity;sid:84468478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605370/; classtype:trojan-activity;sid:84468470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605371/; classtype:trojan-activity;sid:84468471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605372/; classtype:trojan-activity;sid:84468472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605373/; classtype:trojan-activity;sid:84468473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605374/; classtype:trojan-activity;sid:84468474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605375/; classtype:trojan-activity;sid:84468475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605376/; classtype:trojan-activity;sid:84468476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605377/; classtype:trojan-activity;sid:84468477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605368/; classtype:trojan-activity;sid:84468468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"103.252.89.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605369/; classtype:trojan-activity;sid:84468469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"134.35.99.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605367/; classtype:trojan-activity;sid:84468467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.154.116.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605366/; classtype:trojan-activity;sid:84468466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.117.35.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605362/; classtype:trojan-activity;sid:84468462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.58.63.71"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605363/; classtype:trojan-activity;sid:84468463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.166.218.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605364/; classtype:trojan-activity;sid:84468464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.192.9.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605365/; classtype:trojan-activity;sid:84468465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.68.25.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605361/; classtype:trojan-activity;sid:84468461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.244.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605359/; classtype:trojan-activity;sid:84468459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.112.7.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605360/; classtype:trojan-activity;sid:84468460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.148.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605353/; classtype:trojan-activity;sid:84468453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.244.207.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605354/; classtype:trojan-activity;sid:84468454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.235.241.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605355/; classtype:trojan-activity;sid:84468455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"145.255.249.108"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605356/; classtype:trojan-activity;sid:84468456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.135.139.159"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605357/; classtype:trojan-activity;sid:84468457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.184.5.244"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605358/; classtype:trojan-activity;sid:84468458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-e300c3"; depth:15; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605352/; classtype:trojan-activity;sid:84468452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.54.125.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605351/; classtype:trojan-activity;sid:84468451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.136.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605350/; classtype:trojan-activity;sid:84468450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.168.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605348/; classtype:trojan-activity;sid:84468448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.233.66.207"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605349/; classtype:trojan-activity;sid:84468449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.39.183.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605346/; classtype:trojan-activity;sid:84468446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.229.74"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605347/; classtype:trojan-activity;sid:84468447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.112.239.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605345/; classtype:trojan-activity;sid:84468445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"116.103.162.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605343/; classtype:trojan-activity;sid:84468443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.158.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605344/; classtype:trojan-activity;sid:84468444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.245.101.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605342/; classtype:trojan-activity;sid:84468442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.191.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605341/; classtype:trojan-activity;sid:84468441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.202.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605340/; classtype:trojan-activity;sid:84468440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605339/; classtype:trojan-activity;sid:84468439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605338/; classtype:trojan-activity;sid:84468438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.142.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605337/; classtype:trojan-activity;sid:84468437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/yeww23/random.exe"; depth:24; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605336/; classtype:trojan-activity;sid:84468436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5649370641/cb5h9ka.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605335/; classtype:trojan-activity;sid:84468435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8052963817/u0pv9e8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605334/; classtype:trojan-activity;sid:84468434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5810624893/fjuf8oh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605333/; classtype:trojan-activity;sid:84468433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605332/; classtype:trojan-activity;sid:84468432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605331/; classtype:trojan-activity;sid:84468431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.21"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605330/; classtype:trojan-activity;sid:84468430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.210"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605329/; classtype:trojan-activity;sid:84468429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.93.222"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605328/; classtype:trojan-activity;sid:84468428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.149"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605327/; classtype:trojan-activity;sid:84468427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605325/; classtype:trojan-activity;sid:84468425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.117.151"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605326/; classtype:trojan-activity;sid:84468426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.149"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605324/; classtype:trojan-activity;sid:84468424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.153.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605323/; classtype:trojan-activity;sid:84468423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.101.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605320/; classtype:trojan-activity;sid:84468420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605321/; classtype:trojan-activity;sid:84468421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605322/; classtype:trojan-activity;sid:84468422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.239.251.108"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605319/; classtype:trojan-activity;sid:84468419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.sh"; depth:5; endswith; nocase; http.host; content:"156.226.174.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605318/; classtype:trojan-activity;sid:84468418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.198.140.69"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605317/; classtype:trojan-activity;sid:84468417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605316/; classtype:trojan-activity;sid:84468416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605315/; classtype:trojan-activity;sid:84468415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.174.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605314/; classtype:trojan-activity;sid:84468414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605313/; classtype:trojan-activity;sid:84468413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.161.214.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605312/; classtype:trojan-activity;sid:84468412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.37.81.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605311/; classtype:trojan-activity;sid:84468411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.167.37"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605310/; classtype:trojan-activity;sid:84468410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.2.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605309/; classtype:trojan-activity;sid:84468409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.174.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605308/; classtype:trojan-activity;sid:84468408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.2.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605307/; classtype:trojan-activity;sid:84468407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.202.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605306/; classtype:trojan-activity;sid:84468406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.176"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605305/; classtype:trojan-activity;sid:84468405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605304/; classtype:trojan-activity;sid:84468404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.79.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605303/; classtype:trojan-activity;sid:84468403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.5.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605302/; classtype:trojan-activity;sid:84468402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.176"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605300/; classtype:trojan-activity;sid:84468400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.162.202.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605301/; classtype:trojan-activity;sid:84468401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605299/; classtype:trojan-activity;sid:84468399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5297474040/qqfldft.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605298/; classtype:trojan-activity;sid:84468398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605297/; classtype:trojan-activity;sid:84468397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/usclix4.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605296/; classtype:trojan-activity;sid:84468396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/xrwsmfu.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605295/; classtype:trojan-activity;sid:84468395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5968325780/jaqw7xg.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605294/; classtype:trojan-activity;sid:84468394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.37.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605292/; classtype:trojan-activity;sid:84468392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.208.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605293/; classtype:trojan-activity;sid:84468393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.110.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605291/; classtype:trojan-activity;sid:84468391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.223.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605290/; classtype:trojan-activity;sid:84468390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605289/; classtype:trojan-activity;sid:84468389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.167.37"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605288/; classtype:trojan-activity;sid:84468388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605287/; classtype:trojan-activity;sid:84468387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.110.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605286/; classtype:trojan-activity;sid:84468386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605285/; classtype:trojan-activity;sid:84468385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.1"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605284/; classtype:trojan-activity;sid:84468384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm7"; depth:17; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605283/; classtype:trojan-activity;sid:84468383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm6"; depth:17; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605280/; classtype:trojan-activity;sid:84468380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.ppc"; depth:16; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605281/; classtype:trojan-activity;sid:84468381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.sh4"; depth:16; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605282/; classtype:trojan-activity;sid:84468382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.m68k"; depth:17; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605279/; classtype:trojan-activity;sid:84468379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86_64"; depth:19; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605275/; classtype:trojan-activity;sid:84468375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.spc"; depth:16; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605276/; classtype:trojan-activity;sid:84468376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mpsl"; depth:17; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605277/; classtype:trojan-activity;sid:84468377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arc"; depth:16; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605278/; classtype:trojan-activity;sid:84468378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.142.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605274/; classtype:trojan-activity;sid:84468374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.191.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605273/; classtype:trojan-activity;sid:84468373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.137.120"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605272/; classtype:trojan-activity;sid:84468372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.142.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605271/; classtype:trojan-activity;sid:84468371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.124.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605270/; classtype:trojan-activity;sid:84468370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.228.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605269/; classtype:trojan-activity;sid:84468369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.169.151"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605268/; classtype:trojan-activity;sid:84468368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.15.178"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605267/; classtype:trojan-activity;sid:84468367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.208.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605266/; classtype:trojan-activity;sid:84468366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605265/; classtype:trojan-activity;sid:84468365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.15.178"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605264/; classtype:trojan-activity;sid:84468364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.133.137.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605263/; classtype:trojan-activity;sid:84468363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.33.118"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605262/; classtype:trojan-activity;sid:84468362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.228.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605261/; classtype:trojan-activity;sid:84468361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605260/; classtype:trojan-activity;sid:84468360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.100"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605259/; classtype:trojan-activity;sid:84468359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.214.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605258/; classtype:trojan-activity;sid:84468358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605257/; classtype:trojan-activity;sid:84468357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605255/; classtype:trojan-activity;sid:84468355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605256/; classtype:trojan-activity;sid:84468356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.84.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605254/; classtype:trojan-activity;sid:84468354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.74.191"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605253/; classtype:trojan-activity;sid:84468353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.59.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605252/; classtype:trojan-activity;sid:84468352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.227.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605251/; classtype:trojan-activity;sid:84468351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.214.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605250/; classtype:trojan-activity;sid:84468350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc"; depth:14; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605248/; classtype:trojan-activity;sid:84468348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i486"; depth:11; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605249/; classtype:trojan-activity;sid:84468349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.i686"; depth:11; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605246/; classtype:trojan-activity;sid:84468346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mips"; depth:11; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605247/; classtype:trojan-activity;sid:84468347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv7l"; depth:13; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605238/; classtype:trojan-activity;sid:84468338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.m68k"; depth:11; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605239/; classtype:trojan-activity;sid:84468339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.mipsel"; depth:13; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605240/; classtype:trojan-activity;sid:84468340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv6l"; depth:13; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605241/; classtype:trojan-activity;sid:84468341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.armv5l"; depth:13; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605242/; classtype:trojan-activity;sid:84468342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.aarch64"; depth:14; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605243/; classtype:trojan-activity;sid:84468343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.powerpc64"; depth:16; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605244/; classtype:trojan-activity;sid:84468344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitty.x86_64"; depth:13; endswith; nocase; http.host; content:"87.121.84.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605245/; classtype:trojan-activity;sid:84468345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.i586"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605236/; classtype:trojan-activity;sid:84468336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.m68k"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605237/; classtype:trojan-activity;sid:84468337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605231/; classtype:trojan-activity;sid:84468331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605232/; classtype:trojan-activity;sid:84468332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605233/; classtype:trojan-activity;sid:84468333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605234/; classtype:trojan-activity;sid:84468334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605235/; classtype:trojan-activity;sid:84468335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.mips"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605230/; classtype:trojan-activity;sid:84468330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh4"; depth:6; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605229/; classtype:trojan-activity;sid:84468329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.ppc"; depth:6; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605228/; classtype:trojan-activity;sid:84468328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605223/; classtype:trojan-activity;sid:84468323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605224/; classtype:trojan-activity;sid:84468324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605225/; classtype:trojan-activity;sid:84468325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605226/; classtype:trojan-activity;sid:84468326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605227/; classtype:trojan-activity;sid:84468327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.125.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605222/; classtype:trojan-activity;sid:84468322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.i686"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605219/; classtype:trojan-activity;sid:84468319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.arm7"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605220/; classtype:trojan-activity;sid:84468320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sparc"; depth:8; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605221/; classtype:trojan-activity;sid:84468321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.arm6"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605216/; classtype:trojan-activity;sid:84468316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.mpsl"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605217/; classtype:trojan-activity;sid:84468317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.arm5"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605218/; classtype:trojan-activity;sid:84468318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.arm4"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605215/; classtype:trojan-activity;sid:84468315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.x86"; depth:6; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605211/; classtype:trojan-activity;sid:84468311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605212/; classtype:trojan-activity;sid:84468312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605213/; classtype:trojan-activity;sid:84468313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605214/; classtype:trojan-activity;sid:84468314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.zip"; depth:9; endswith; nocase; http.host; content:"45.125.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605210/; classtype:trojan-activity;sid:84468310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605209/; classtype:trojan-activity;sid:84468309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605208/; classtype:trojan-activity;sid:84468308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.125.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605207/; classtype:trojan-activity;sid:84468307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.125.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605206/; classtype:trojan-activity;sid:84468306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.48.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605205/; classtype:trojan-activity;sid:84468305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.200.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605204/; classtype:trojan-activity;sid:84468304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.117.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605203/; classtype:trojan-activity;sid:84468303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.6.192"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605202/; classtype:trojan-activity;sid:84468302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/login"; depth:6; endswith; nocase; http.host; content:"market-lumma.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605201/; classtype:trojan-activity;sid:84468301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.79.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605199/; classtype:trojan-activity;sid:84468299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.59.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605200/; classtype:trojan-activity;sid:84468300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjgj.apk"; depth:9; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605198/; classtype:trojan-activity;sid:84468298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjgj.apk"; depth:9; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605197/; classtype:trojan-activity;sid:84468297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gx.rar"; depth:7; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605196/; classtype:trojan-activity;sid:84468296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605195/; classtype:trojan-activity;sid:84468295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gx.rar"; depth:7; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605194/; classtype:trojan-activity;sid:84468294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ckma.zip"; depth:10; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605193/; classtype:trojan-activity;sid:84468293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2gp.zip"; depth:8; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605192/; classtype:trojan-activity;sid:84468292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dupass.zip"; depth:11; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605191/; classtype:trojan-activity;sid:84468291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2gp.zip"; depth:8; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605190/; classtype:trojan-activity;sid:84468290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new1.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605189/; classtype:trojan-activity;sid:84468289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dupass.zip"; depth:11; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605188/; classtype:trojan-activity;sid:84468288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605187/; classtype:trojan-activity;sid:84468287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new1.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605186/; classtype:trojan-activity;sid:84468286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ckma.zip"; depth:10; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605185/; classtype:trojan-activity;sid:84468285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4cgp.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605184/; classtype:trojan-activity;sid:84468284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4cgp.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605183/; classtype:trojan-activity;sid:84468283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostfw.exe"; depth:14; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605182/; classtype:trojan-activity;sid:84468282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostfw.exe"; depth:14; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605181/; classtype:trojan-activity;sid:84468281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605180/; classtype:trojan-activity;sid:84468280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins.rar"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605179/; classtype:trojan-activity;sid:84468279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostfw.sfx.exe"; depth:18; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605178/; classtype:trojan-activity;sid:84468278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605177/; classtype:trojan-activity;sid:84468277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e4%b8%80%e9%94%ae%e5%85%b3%e9%97%adwd.exe"; depth:43; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605174/; classtype:trojan-activity;sid:84468274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netsyst87.dll"; depth:14; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605175/; classtype:trojan-activity;sid:84468275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e4%b8%80%e9%94%ae%e5%85%b3%e9%97%adwd.exe"; depth:43; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605176/; classtype:trojan-activity;sid:84468276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostfw.sfx.exe"; depth:18; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605173/; classtype:trojan-activity;sid:84468273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwebcam.dll"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605171/; classtype:trojan-activity;sid:84468271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostls.rar"; depth:14; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605172/; classtype:trojan-activity;sid:84468272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins.rar"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605170/; classtype:trojan-activity;sid:84468270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1xd.rar"; depth:8; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605169/; classtype:trojan-activity;sid:84468269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.rar"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605168/; classtype:trojan-activity;sid:84468268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/destroydefender.exe"; depth:20; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605166/; classtype:trojan-activity;sid:84468266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firefox.zip"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605167/; classtype:trojan-activity;sid:84468267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dede1.dll"; depth:10; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605163/; classtype:trojan-activity;sid:84468263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwebcam.dll"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605164/; classtype:trojan-activity;sid:84468264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm.zip"; depth:7; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605165/; classtype:trojan-activity;sid:84468265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostls.rar"; depth:14; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605162/; classtype:trojan-activity;sid:84468262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1xd.rar"; depth:8; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605160/; classtype:trojan-activity;sid:84468260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netsyst87.dll"; depth:14; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605161/; classtype:trojan-activity;sid:84468261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2222.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605159/; classtype:trojan-activity;sid:84468259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dede1.dll"; depth:10; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605158/; classtype:trojan-activity;sid:84468258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firefox.zip"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605157/; classtype:trojan-activity;sid:84468257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shllcodedec.exe"; depth:16; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605154/; classtype:trojan-activity;sid:84468254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm.zip"; depth:7; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605155/; classtype:trojan-activity;sid:84468255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shllcodedec.exe"; depth:16; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605156/; classtype:trojan-activity;sid:84468256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.rar"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605150/; classtype:trojan-activity;sid:84468250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2222.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605151/; classtype:trojan-activity;sid:84468251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/destroydefender.exe"; depth:20; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605152/; classtype:trojan-activity;sid:84468252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1122.txt"; depth:9; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605153/; classtype:trojan-activity;sid:84468253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svshost3.zip"; depth:13; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605149/; classtype:trojan-activity;sid:84468249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svshost3.zip"; depth:13; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605148/; classtype:trojan-activity;sid:84468248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1122.txt"; depth:9; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605147/; classtype:trojan-activity;sid:84468247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.48.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605146/; classtype:trojan-activity;sid:84468246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2gp.zip"; depth:8; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605145/; classtype:trojan-activity;sid:84468245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dupass.zip"; depth:11; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605144/; classtype:trojan-activity;sid:84468244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605143/; classtype:trojan-activity;sid:84468243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjgj.apk"; depth:9; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605142/; classtype:trojan-activity;sid:84468242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gx.rar"; depth:7; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605141/; classtype:trojan-activity;sid:84468241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new1.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605140/; classtype:trojan-activity;sid:84468240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ckma.zip"; depth:10; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605139/; classtype:trojan-activity;sid:84468239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4cgp.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605138/; classtype:trojan-activity;sid:84468238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins.rar"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605137/; classtype:trojan-activity;sid:84468237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dede1.dll"; depth:10; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605135/; classtype:trojan-activity;sid:84468235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e4%b8%80%e9%94%ae%e5%85%b3%e9%97%adwd.exe"; depth:43; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605136/; classtype:trojan-activity;sid:84468236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1122.txt"; depth:9; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605134/; classtype:trojan-activity;sid:84468234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.rar"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605132/; classtype:trojan-activity;sid:84468232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firefox.zip"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605133/; classtype:trojan-activity;sid:84468233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm.zip"; depth:7; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605130/; classtype:trojan-activity;sid:84468230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostfw.exe"; depth:14; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605131/; classtype:trojan-activity;sid:84468231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostls.rar"; depth:14; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605128/; classtype:trojan-activity;sid:84468228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605129/; classtype:trojan-activity;sid:84468229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwebcam.dll"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605127/; classtype:trojan-activity;sid:84468227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netsyst87.dll"; depth:14; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605122/; classtype:trojan-activity;sid:84468222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2222.rar"; depth:9; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605123/; classtype:trojan-activity;sid:84468223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchostfw.sfx.exe"; depth:18; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605124/; classtype:trojan-activity;sid:84468224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1xd.rar"; depth:8; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605125/; classtype:trojan-activity;sid:84468225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/destroydefender.exe"; depth:20; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605126/; classtype:trojan-activity;sid:84468226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shllcodedec.exe"; depth:16; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605120/; classtype:trojan-activity;sid:84468220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svshost3.zip"; depth:13; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605121/; classtype:trojan-activity;sid:84468221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.43.113"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605119/; classtype:trojan-activity;sid:84468219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.200.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605118/; classtype:trojan-activity;sid:84468218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.15.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605117/; classtype:trojan-activity;sid:84468217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.45.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605116/; classtype:trojan-activity;sid:84468216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.133.27"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605115/; classtype:trojan-activity;sid:84468215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.45.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605114/; classtype:trojan-activity;sid:84468214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.15.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605113/; classtype:trojan-activity;sid:84468213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.214.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605112/; classtype:trojan-activity;sid:84468212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.242.167.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605111/; classtype:trojan-activity;sid:84468211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.4.26"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605110/; classtype:trojan-activity;sid:84468210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.133.27"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605109/; classtype:trojan-activity;sid:84468209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.17.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605108/; classtype:trojan-activity;sid:84468208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"45.153.34.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605106/; classtype:trojan-activity;sid:84468206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6691015685/jolfznc.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605107/; classtype:trojan-activity;sid:84468207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firefox.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605103/; classtype:trojan-activity;sid:84468203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firefox.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605104/; classtype:trojan-activity;sid:84468204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firefox.exe"; depth:12; endswith; nocase; http.host; content:"103.204.79.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605105/; classtype:trojan-activity;sid:84468205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1129026890/fgubeuz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605101/; classtype:trojan-activity;sid:84468201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7767269296/hppbn0z.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605102/; classtype:trojan-activity;sid:84468202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5968325780/jaqw7xg.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605098/; classtype:trojan-activity;sid:84468198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8210798643/qaxrwow.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605099/; classtype:trojan-activity;sid:84468199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5638395652/chae4ke.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605100/; classtype:trojan-activity;sid:84468200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5296057416/tse2e3k.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605096/; classtype:trojan-activity;sid:84468196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7675519015/nxzrhyq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605097/; classtype:trojan-activity;sid:84468197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7922836960/jdjvvud.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605093/; classtype:trojan-activity;sid:84468193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faith.sh"; depth:9; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605094/; classtype:trojan-activity;sid:84468194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linnn"; depth:6; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605095/; classtype:trojan-activity;sid:84468195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605092/; classtype:trojan-activity;sid:84468192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.4.26"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605091/; classtype:trojan-activity;sid:84468191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.189.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605090/; classtype:trojan-activity;sid:84468190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.242.167.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605089/; classtype:trojan-activity;sid:84468189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.214.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605088/; classtype:trojan-activity;sid:84468188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605087/; classtype:trojan-activity;sid:84468187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.152.95.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605086/; classtype:trojan-activity;sid:84468186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.25.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605085/; classtype:trojan-activity;sid:84468185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.76.34.245"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605084/; classtype:trojan-activity;sid:84468184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.40.48.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605083/; classtype:trojan-activity;sid:84468183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.23.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605082/; classtype:trojan-activity;sid:84468182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605080/; classtype:trojan-activity;sid:84468180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.224.225"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605081/; classtype:trojan-activity;sid:84468181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.76.34.245"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605079/; classtype:trojan-activity;sid:84468179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"70.40.48.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605078/; classtype:trojan-activity;sid:84468178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605077/; classtype:trojan-activity;sid:84468177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.31.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605076/; classtype:trojan-activity;sid:84468176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.23.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605075/; classtype:trojan-activity;sid:84468175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605074/; classtype:trojan-activity;sid:84468174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605073/; classtype:trojan-activity;sid:84468173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605072/; classtype:trojan-activity;sid:84468172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605071/; classtype:trojan-activity;sid:84468171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605070/; classtype:trojan-activity;sid:84468170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605043/; classtype:trojan-activity;sid:84468143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605044/; classtype:trojan-activity;sid:84468144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605045/; classtype:trojan-activity;sid:84468145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605046/; classtype:trojan-activity;sid:84468146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605047/; classtype:trojan-activity;sid:84468147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605048/; classtype:trojan-activity;sid:84468148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605049/; classtype:trojan-activity;sid:84468149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605050/; classtype:trojan-activity;sid:84468150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605051/; classtype:trojan-activity;sid:84468151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605052/; classtype:trojan-activity;sid:84468152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605053/; classtype:trojan-activity;sid:84468153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605054/; classtype:trojan-activity;sid:84468154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605055/; classtype:trojan-activity;sid:84468155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605056/; classtype:trojan-activity;sid:84468156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605057/; classtype:trojan-activity;sid:84468157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605058/; classtype:trojan-activity;sid:84468158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605059/; classtype:trojan-activity;sid:84468159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605060/; classtype:trojan-activity;sid:84468160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605061/; classtype:trojan-activity;sid:84468161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605062/; classtype:trojan-activity;sid:84468162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605063/; classtype:trojan-activity;sid:84468163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605064/; classtype:trojan-activity;sid:84468164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"213.209.143.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605065/; classtype:trojan-activity;sid:84468165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605066/; classtype:trojan-activity;sid:84468166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605067/; classtype:trojan-activity;sid:84468167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605068/; classtype:trojan-activity;sid:84468168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605069/; classtype:trojan-activity;sid:84468169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.31.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605042/; classtype:trojan-activity;sid:84468142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.168.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605041/; classtype:trojan-activity;sid:84468141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.146.22"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605040/; classtype:trojan-activity;sid:84468140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605039/; classtype:trojan-activity;sid:84468139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.243.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605038/; classtype:trojan-activity;sid:84468138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.210.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605037/; classtype:trojan-activity;sid:84468137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.183.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605036/; classtype:trojan-activity;sid:84468136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.64.134.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605035/; classtype:trojan-activity;sid:84468135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605034/; classtype:trojan-activity;sid:84468134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605033/; classtype:trojan-activity;sid:84468133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.121.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605032/; classtype:trojan-activity;sid:84468132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.183.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605031/; classtype:trojan-activity;sid:84468131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.210.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605030/; classtype:trojan-activity;sid:84468130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.153.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605029/; classtype:trojan-activity;sid:84468129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.146.22"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605028/; classtype:trojan-activity;sid:84468128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.153.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605027/; classtype:trojan-activity;sid:84468127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.32.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605026/; classtype:trojan-activity;sid:84468126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.141.233.149"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605025/; classtype:trojan-activity;sid:84468125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.23.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605024/; classtype:trojan-activity;sid:84468124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.32.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605023/; classtype:trojan-activity;sid:84468123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.141.233.149"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605022/; classtype:trojan-activity;sid:84468122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.81.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605021/; classtype:trojan-activity;sid:84468121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605019/; classtype:trojan-activity;sid:84468119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.245.214"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605020/; classtype:trojan-activity;sid:84468120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.85.61.196"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605018/; classtype:trojan-activity;sid:84468118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.23.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605017/; classtype:trojan-activity;sid:84468117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.11.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605015/; classtype:trojan-activity;sid:84468115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.81.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605016/; classtype:trojan-activity;sid:84468116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605014/; classtype:trojan-activity;sid:84468114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.29.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605013/; classtype:trojan-activity;sid:84468113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.205.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605012/; classtype:trojan-activity;sid:84468112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605011/; classtype:trojan-activity;sid:84468111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.152.95.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605009/; classtype:trojan-activity;sid:84468109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js.php"; depth:7; endswith; nocase; http.host; content:"captchaverift.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605010/; classtype:trojan-activity;sid:84468110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/second.js"; depth:10; endswith; nocase; http.host; content:"industries-ii-wine-details.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605008/; classtype:trojan-activity;sid:84468108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.68.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605005/; classtype:trojan-activity;sid:84468105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.164.125"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605006/; classtype:trojan-activity;sid:84468106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.207.39"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605007/; classtype:trojan-activity;sid:84468107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.16.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605003/; classtype:trojan-activity;sid:84468103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605004/; classtype:trojan-activity;sid:84468104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"89.111.140.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605002/; classtype:trojan-activity;sid:84468102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.8.118.17"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605001/; classtype:trojan-activity;sid:84468101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.216.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605000/; classtype:trojan-activity;sid:84468100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.219.218"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604999/; classtype:trojan-activity;sid:84468099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.221.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604998/; classtype:trojan-activity;sid:84468098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.5.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604997/; classtype:trojan-activity;sid:84468097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.216.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604996/; classtype:trojan-activity;sid:84468096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.30.39"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604995/; classtype:trojan-activity;sid:84468095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.219.218"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604994/; classtype:trojan-activity;sid:84468094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.223.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604993/; classtype:trojan-activity;sid:84468093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.178.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604992/; classtype:trojan-activity;sid:84468092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.19.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604991/; classtype:trojan-activity;sid:84468091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.103.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604990/; classtype:trojan-activity;sid:84468090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.16.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604989/; classtype:trojan-activity;sid:84468089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.179.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604988/; classtype:trojan-activity;sid:84468088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.103.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604987/; classtype:trojan-activity;sid:84468087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.216.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604986/; classtype:trojan-activity;sid:84468086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.60.107"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604985/; classtype:trojan-activity;sid:84468085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.159.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604984/; classtype:trojan-activity;sid:84468084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.81.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604983/; classtype:trojan-activity;sid:84468083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.233.239.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604982/; classtype:trojan-activity;sid:84468082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.101.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604981/; classtype:trojan-activity;sid:84468081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604980/; classtype:trojan-activity;sid:84468080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.15.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604979/; classtype:trojan-activity;sid:84468079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.35.237"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604978/; classtype:trojan-activity;sid:84468078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.159.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604977/; classtype:trojan-activity;sid:84468077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.153.86"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604976/; classtype:trojan-activity;sid:84468076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604975/; classtype:trojan-activity;sid:84468075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604974/; classtype:trojan-activity;sid:84468074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604973/; classtype:trojan-activity;sid:84468073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604969/; classtype:trojan-activity;sid:84468069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604970/; classtype:trojan-activity;sid:84468070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm4"; depth:6; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604971/; classtype:trojan-activity;sid:84468071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604972/; classtype:trojan-activity;sid:84468072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604962/; classtype:trojan-activity;sid:84468062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604963/; classtype:trojan-activity;sid:84468063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604964/; classtype:trojan-activity;sid:84468064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604965/; classtype:trojan-activity;sid:84468065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604966/; classtype:trojan-activity;sid:84468066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604967/; classtype:trojan-activity;sid:84468067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604968/; classtype:trojan-activity;sid:84468068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604961/; classtype:trojan-activity;sid:84468061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm5"; depth:6; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604960/; classtype:trojan-activity;sid:84468060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604957/; classtype:trojan-activity;sid:84468057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604958/; classtype:trojan-activity;sid:84468058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604959/; classtype:trojan-activity;sid:84468059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604954/; classtype:trojan-activity;sid:84468054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604955/; classtype:trojan-activity;sid:84468055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604956/; classtype:trojan-activity;sid:84468056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604952/; classtype:trojan-activity;sid:84468052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604953/; classtype:trojan-activity;sid:84468053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604944/; classtype:trojan-activity;sid:84468044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604945/; classtype:trojan-activity;sid:84468045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604946/; classtype:trojan-activity;sid:84468046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604947/; classtype:trojan-activity;sid:84468047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604948/; classtype:trojan-activity;sid:84468048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604949/; classtype:trojan-activity;sid:84468049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604950/; classtype:trojan-activity;sid:84468050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604951/; classtype:trojan-activity;sid:84468051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604942/; classtype:trojan-activity;sid:84468042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604943/; classtype:trojan-activity;sid:84468043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604941/; classtype:trojan-activity;sid:84468041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604940/; classtype:trojan-activity;sid:84468040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604935/; classtype:trojan-activity;sid:84468035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604936/; classtype:trojan-activity;sid:84468036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604937/; classtype:trojan-activity;sid:84468037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604938/; classtype:trojan-activity;sid:84468038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604939/; classtype:trojan-activity;sid:84468039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604931/; classtype:trojan-activity;sid:84468031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604932/; classtype:trojan-activity;sid:84468032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604933/; classtype:trojan-activity;sid:84468033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604934/; classtype:trojan-activity;sid:84468034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604928/; classtype:trojan-activity;sid:84468028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604929/; classtype:trojan-activity;sid:84468029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"45.156.87.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604930/; classtype:trojan-activity;sid:84468030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604926/; classtype:trojan-activity;sid:84468026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604927/; classtype:trojan-activity;sid:84468027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604924/; classtype:trojan-activity;sid:84468024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604925/; classtype:trojan-activity;sid:84468025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604921/; classtype:trojan-activity;sid:84468021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604922/; classtype:trojan-activity;sid:84468022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604923/; classtype:trojan-activity;sid:84468023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604920/; classtype:trojan-activity;sid:84468020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604919/; classtype:trojan-activity;sid:84468019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.101.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604918/; classtype:trojan-activity;sid:84468018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.47.116"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604917/; classtype:trojan-activity;sid:84468017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.59.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604916/; classtype:trojan-activity;sid:84468016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.86.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3604915/; classtype:trojan-activity;sid:84468015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.59.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604914/; classtype:trojan-activity;sid:84468014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604913/; classtype:trojan-activity;sid:84468013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.128.168"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604912/; classtype:trojan-activity;sid:84468012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.131.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604911/; classtype:trojan-activity;sid:84468011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.32.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604910/; classtype:trojan-activity;sid:84468010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.243.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604909/; classtype:trojan-activity;sid:84468009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604907/; classtype:trojan-activity;sid:84468007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.92.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604908/; classtype:trojan-activity;sid:84468008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.165.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604906/; classtype:trojan-activity;sid:84468006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.69.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604905/; classtype:trojan-activity;sid:84468005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604904/; classtype:trojan-activity;sid:84468004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.75.188"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604903/; classtype:trojan-activity;sid:84468003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.131.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604902/; classtype:trojan-activity;sid:84468002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.32.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604901/; classtype:trojan-activity;sid:84468001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.243.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604900/; classtype:trojan-activity;sid:84468000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604899/; classtype:trojan-activity;sid:84467999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.165.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604898/; classtype:trojan-activity;sid:84467998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604897/; classtype:trojan-activity;sid:84467997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.229.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604896/; classtype:trojan-activity;sid:84467996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.242.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604895/; classtype:trojan-activity;sid:84467995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.179.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604894/; classtype:trojan-activity;sid:84467994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.128.168"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604893/; classtype:trojan-activity;sid:84467993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.242.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604892/; classtype:trojan-activity;sid:84467992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.92.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604891/; classtype:trojan-activity;sid:84467991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604890/; classtype:trojan-activity;sid:84467990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604889/; classtype:trojan-activity;sid:84467989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.20.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604888/; classtype:trojan-activity;sid:84467988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604887/; classtype:trojan-activity;sid:84467987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.62.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604886/; classtype:trojan-activity;sid:84467986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.20.167"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604885/; classtype:trojan-activity;sid:84467985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.90.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604884/; classtype:trojan-activity;sid:84467984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.229.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604883/; classtype:trojan-activity;sid:84467983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.20.167"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604882/; classtype:trojan-activity;sid:84467982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"84.200.193.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604881/; classtype:trojan-activity;sid:84467981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.139.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604880/; classtype:trojan-activity;sid:84467980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keepon.exe"; depth:11; endswith; nocase; http.host; content:"209.145.51.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iceland.exe"; depth:12; endswith; nocase; http.host; content:"uploadtree.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604878/; classtype:trojan-activity;sid:84467978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.26.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604877/; classtype:trojan-activity;sid:84467977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604876/; classtype:trojan-activity;sid:84467976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.44.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604874/; classtype:trojan-activity;sid:84467974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.0.248"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604875/; classtype:trojan-activity;sid:84467975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604873/; classtype:trojan-activity;sid:84467973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.10.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604872/; classtype:trojan-activity;sid:84467972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.90.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604871/; classtype:trojan-activity;sid:84467971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/111/random.exe"; depth:21; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604870/; classtype:trojan-activity;sid:84467970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.139.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604869/; classtype:trojan-activity;sid:84467969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.10.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604868/; classtype:trojan-activity;sid:84467968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.225.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604867/; classtype:trojan-activity;sid:84467967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.109.125"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604866/; classtype:trojan-activity;sid:84467966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604865/; classtype:trojan-activity;sid:84467965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604864/; classtype:trojan-activity;sid:84467964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.125"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604863/; classtype:trojan-activity;sid:84467963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7596020081/bw5mmfh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604862/; classtype:trojan-activity;sid:84467962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604861/; classtype:trojan-activity;sid:84467961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tbk.sh"; depth:7; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604860/; classtype:trojan-activity;sid:84467960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604855/; classtype:trojan-activity;sid:84467955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604856/; classtype:trojan-activity;sid:84467956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604857/; classtype:trojan-activity;sid:84467957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604858/; classtype:trojan-activity;sid:84467958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604859/; classtype:trojan-activity;sid:84467959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604850/; classtype:trojan-activity;sid:84467950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604851/; classtype:trojan-activity;sid:84467951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604852/; classtype:trojan-activity;sid:84467952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604853/; classtype:trojan-activity;sid:84467953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604854/; classtype:trojan-activity;sid:84467954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604849/; classtype:trojan-activity;sid:84467949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604847/; classtype:trojan-activity;sid:84467947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.134.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604848/; classtype:trojan-activity;sid:84467948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/972408663/cydqpke.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604846/; classtype:trojan-activity;sid:84467946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5649370641/2xyvnlp.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604845/; classtype:trojan-activity;sid:84467945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604844/; classtype:trojan-activity;sid:84467944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604840/; classtype:trojan-activity;sid:84467940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604841/; classtype:trojan-activity;sid:84467941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604842/; classtype:trojan-activity;sid:84467942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"92.60.77.45"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604843/; classtype:trojan-activity;sid:84467943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5649370641/wnrwwvf.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604839/; classtype:trojan-activity;sid:84467939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.20.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604838/; classtype:trojan-activity;sid:84467938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.5.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604837/; classtype:trojan-activity;sid:84467937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.5.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604836/; classtype:trojan-activity;sid:84467936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.114.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604835/; classtype:trojan-activity;sid:84467935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.20.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604834/; classtype:trojan-activity;sid:84467934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.101.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604833/; classtype:trojan-activity;sid:84467933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.97.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604832/; classtype:trojan-activity;sid:84467932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604831/; classtype:trojan-activity;sid:84467931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604829/; classtype:trojan-activity;sid:84467929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604830/; classtype:trojan-activity;sid:84467930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.97.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604828/; classtype:trojan-activity;sid:84467928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604826/; classtype:trojan-activity;sid:84467926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604827/; classtype:trojan-activity;sid:84467927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k86m"; depth:10; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604821/; classtype:trojan-activity;sid:84467921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/686i"; depth:10; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604822/; classtype:trojan-activity;sid:84467922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604823/; classtype:trojan-activity;sid:84467923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spim"; depth:10; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604824/; classtype:trojan-activity;sid:84467924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lespim"; depth:12; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604825/; classtype:trojan-activity;sid:84467925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604802/; classtype:trojan-activity;sid:84467902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604803/; classtype:trojan-activity;sid:84467903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604804/; classtype:trojan-activity;sid:84467904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604805/; classtype:trojan-activity;sid:84467905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604806/; classtype:trojan-activity;sid:84467906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604807/; classtype:trojan-activity;sid:84467907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604808/; classtype:trojan-activity;sid:84467908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604809/; classtype:trojan-activity;sid:84467909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604810/; classtype:trojan-activity;sid:84467910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604811/; classtype:trojan-activity;sid:84467911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604812/; classtype:trojan-activity;sid:84467912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604813/; classtype:trojan-activity;sid:84467913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604814/; classtype:trojan-activity;sid:84467914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604815/; classtype:trojan-activity;sid:84467915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604816/; classtype:trojan-activity;sid:84467916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604817/; classtype:trojan-activity;sid:84467917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l7vmra"; depth:7; endswith; nocase; http.host; content:"45.141.233.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604818/; classtype:trojan-activity;sid:84467918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604819/; classtype:trojan-activity;sid:84467919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"196.251.73.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604820/; classtype:trojan-activity;sid:84467920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.220.191"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604801/; classtype:trojan-activity;sid:84467901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.101.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604800/; classtype:trojan-activity;sid:84467900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.137.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604799/; classtype:trojan-activity;sid:84467899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.182.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604798/; classtype:trojan-activity;sid:84467898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.23.250"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604797/; classtype:trojan-activity;sid:84467897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.252.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604795/; classtype:trojan-activity;sid:84467895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.34.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604796/; classtype:trojan-activity;sid:84467896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.114.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604794/; classtype:trojan-activity;sid:84467894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.77.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604793/; classtype:trojan-activity;sid:84467893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.137.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604792/; classtype:trojan-activity;sid:84467892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.227.246.236"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604791/; classtype:trojan-activity;sid:84467891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604790/; classtype:trojan-activity;sid:84467890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.77.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604789/; classtype:trojan-activity;sid:84467889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.74.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604788/; classtype:trojan-activity;sid:84467888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604787/; classtype:trojan-activity;sid:84467887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.252.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604786/; classtype:trojan-activity;sid:84467886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.34.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604785/; classtype:trojan-activity;sid:84467885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604784/; classtype:trojan-activity;sid:84467884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.242.176"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604783/; classtype:trojan-activity;sid:84467883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zo.zip"; depth:7; endswith; nocase; http.host; content:"plc-trunk-mature-and.trycloudflare.com"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604782/; classtype:trojan-activity;sid:84467882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.144.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604781/; classtype:trojan-activity;sid:84467881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drawo.bat"; depth:10; endswith; nocase; http.host; content:"plc-trunk-mature-and.trycloudflare.com"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604780/; classtype:trojan-activity;sid:84467880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/start.bat"; depth:10; endswith; nocase; http.host; content:"plc-trunk-mature-and.trycloudflare.com"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604779/; classtype:trojan-activity;sid:84467879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/doc-uk.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"plc-trunk-mature-and.trycloudflare.com"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604778/; classtype:trojan-activity;sid:84467878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poi/wor.wsf"; depth:12; endswith; nocase; http.host; content:"plc-trunk-mature-and.trycloudflare.com"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604777/; classtype:trojan-activity;sid:84467877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604776/; classtype:trojan-activity;sid:84467876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604775/; classtype:trojan-activity;sid:84467875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604772/; classtype:trojan-activity;sid:84467872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604773/; classtype:trojan-activity;sid:84467873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604774/; classtype:trojan-activity;sid:84467874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604764/; classtype:trojan-activity;sid:84467864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604765/; classtype:trojan-activity;sid:84467865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604766/; classtype:trojan-activity;sid:84467866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604767/; classtype:trojan-activity;sid:84467867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604768/; classtype:trojan-activity;sid:84467868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604769/; classtype:trojan-activity;sid:84467869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604770/; classtype:trojan-activity;sid:84467870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"103.161.17.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604771/; classtype:trojan-activity;sid:84467871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"144.48.121.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604762/; classtype:trojan-activity;sid:84467862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.242.176"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604763/; classtype:trojan-activity;sid:84467863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.190.234"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604761/; classtype:trojan-activity;sid:84467861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.79.235.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604759/; classtype:trojan-activity;sid:84467859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"149.28.231.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604760/; classtype:trojan-activity;sid:84467860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.53.164.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604758/; classtype:trojan-activity;sid:84467858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.219.76.168"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604757/; classtype:trojan-activity;sid:84467857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.99.136.38"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604756/; classtype:trojan-activity;sid:84467856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.x86"; depth:15; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604755/; classtype:trojan-activity;sid:84467855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.ppc"; depth:15; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604754/; classtype:trojan-activity;sid:84467854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm6"; depth:16; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604750/; classtype:trojan-activity;sid:84467850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm7"; depth:16; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604751/; classtype:trojan-activity;sid:84467851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mips"; depth:16; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604752/; classtype:trojan-activity;sid:84467852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.m68k"; depth:16; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604753/; classtype:trojan-activity;sid:84467853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.sh4"; depth:15; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604745/; classtype:trojan-activity;sid:84467845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mpsl"; depth:16; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604746/; classtype:trojan-activity;sid:84467846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.spc"; depth:15; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604747/; classtype:trojan-activity;sid:84467847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm5"; depth:16; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604748/; classtype:trojan-activity;sid:84467848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm"; depth:15; endswith; nocase; http.host; content:"45.135.194.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604749/; classtype:trojan-activity;sid:84467849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.20.17.17"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604744/; classtype:trojan-activity;sid:84467844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.2.227.4"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604743/; classtype:trojan-activity;sid:84467843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.87.70.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604742/; classtype:trojan-activity;sid:84467842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.73.1"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604741/; classtype:trojan-activity;sid:84467841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.235.39.237"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604739/; classtype:trojan-activity;sid:84467839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.237.234.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604740/; classtype:trojan-activity;sid:84467840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.128.67.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604737/; classtype:trojan-activity;sid:84467837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.209.196.146"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604738/; classtype:trojan-activity;sid:84467838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.138.144.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604735/; classtype:trojan-activity;sid:84467835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.53.83.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604736/; classtype:trojan-activity;sid:84467836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.65.33"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604734/; classtype:trojan-activity;sid:84467834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.209.196.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604733/; classtype:trojan-activity;sid:84467833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.182.82.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604732/; classtype:trojan-activity;sid:84467832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.150.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604731/; classtype:trojan-activity;sid:84467831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"27.74.60.113"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604730/; classtype:trojan-activity;sid:84467830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"189.222.63.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604728/; classtype:trojan-activity;sid:84467828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.245.206.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604729/; classtype:trojan-activity;sid:84467829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.173.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604724/; classtype:trojan-activity;sid:84467824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.132.72.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604725/; classtype:trojan-activity;sid:84467825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.135.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604726/; classtype:trojan-activity;sid:84467826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.59.132.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604727/; classtype:trojan-activity;sid:84467827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.143.21"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604723/; classtype:trojan-activity;sid:84467823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.108.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604722/; classtype:trojan-activity;sid:84467822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"144.48.121.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604721/; classtype:trojan-activity;sid:84467821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.90.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604719/; classtype:trojan-activity;sid:84467819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.69.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604720/; classtype:trojan-activity;sid:84467820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.9.0"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604718/; classtype:trojan-activity;sid:84467818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.233.239.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604717/; classtype:trojan-activity;sid:84467817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.108.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604716/; classtype:trojan-activity;sid:84467816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.58.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604715/; classtype:trojan-activity;sid:84467815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.77.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604714/; classtype:trojan-activity;sid:84467814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.240.217"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604713/; classtype:trojan-activity;sid:84467813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.65.162.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604712/; classtype:trojan-activity;sid:84467812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604711/; classtype:trojan-activity;sid:84467811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.66.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604710/; classtype:trojan-activity;sid:84467810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.9.0"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604709/; classtype:trojan-activity;sid:84467809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.240.217"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604708/; classtype:trojan-activity;sid:84467808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.120"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604707/; classtype:trojan-activity;sid:84467807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.24.125"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604706/; classtype:trojan-activity;sid:84467806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.119.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604705/; classtype:trojan-activity;sid:84467805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.224.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604704/; classtype:trojan-activity;sid:84467804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.99.31"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604703/; classtype:trojan-activity;sid:84467803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.183.196.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604702/; classtype:trojan-activity;sid:84467802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.24.125"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604701/; classtype:trojan-activity;sid:84467801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.26.202.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604700/; classtype:trojan-activity;sid:84467800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.220.44.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604699/; classtype:trojan-activity;sid:84467799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.119.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604698/; classtype:trojan-activity;sid:84467798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.224.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604697/; classtype:trojan-activity;sid:84467797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.208.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604696/; classtype:trojan-activity;sid:84467796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.220.44.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604695/; classtype:trojan-activity;sid:84467795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.183.196.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604694/; classtype:trojan-activity;sid:84467794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.99.31"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604692/; classtype:trojan-activity;sid:84467792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.99.3"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604693/; classtype:trojan-activity;sid:84467793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.248.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604691/; classtype:trojan-activity;sid:84467791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.248.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604690/; classtype:trojan-activity;sid:84467790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604689/; classtype:trojan-activity;sid:84467789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.233.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604688/; classtype:trojan-activity;sid:84467788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"70.21.115.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604687/; classtype:trojan-activity;sid:84467787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.208.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604686/; classtype:trojan-activity;sid:84467786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.158.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604685/; classtype:trojan-activity;sid:84467785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.20.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604684/; classtype:trojan-activity;sid:84467784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.46.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604683/; classtype:trojan-activity;sid:84467783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.233.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604682/; classtype:trojan-activity;sid:84467782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.84.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604681/; classtype:trojan-activity;sid:84467781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.20.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604680/; classtype:trojan-activity;sid:84467780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.65.162.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604679/; classtype:trojan-activity;sid:84467779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604678/; classtype:trojan-activity;sid:84467778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604676/; classtype:trojan-activity;sid:84467776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604677/; classtype:trojan-activity;sid:84467777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mpsl"; depth:17; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604675/; classtype:trojan-activity;sid:84467775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.spc"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604674/; classtype:trojan-activity;sid:84467774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm4l"; depth:11; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604673/; classtype:trojan-activity;sid:84467773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.sh4"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604669/; classtype:trojan-activity;sid:84467769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604670/; classtype:trojan-activity;sid:84467770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4t"; depth:14; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604671/; classtype:trojan-activity;sid:84467771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604672/; classtype:trojan-activity;sid:84467772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604668/; classtype:trojan-activity;sid:84467768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.x86_64"; depth:12; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604665/; classtype:trojan-activity;sid:84467765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.ppc"; depth:9; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604666/; classtype:trojan-activity;sid:84467766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604667/; classtype:trojan-activity;sid:84467767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604664/; classtype:trojan-activity;sid:84467764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.x86_64"; depth:17; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604661/; classtype:trojan-activity;sid:84467761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.arm4"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604662/; classtype:trojan-activity;sid:84467762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.spc"; depth:9; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604663/; classtype:trojan-activity;sid:84467763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604656/; classtype:trojan-activity;sid:84467756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604657/; classtype:trojan-activity;sid:84467757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mips"; depth:17; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604658/; classtype:trojan-activity;sid:84467758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/x86_64"; depth:15; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604659/; classtype:trojan-activity;sid:84467759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.m68k"; depth:10; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604660/; classtype:trojan-activity;sid:84467760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arc"; depth:13; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604655/; classtype:trojan-activity;sid:84467755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604654/; classtype:trojan-activity;sid:84467754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604652/; classtype:trojan-activity;sid:84467752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604653/; classtype:trojan-activity;sid:84467753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604647/; classtype:trojan-activity;sid:84467747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604648/; classtype:trojan-activity;sid:84467748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604649/; classtype:trojan-activity;sid:84467749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86_64"; depth:19; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604650/; classtype:trojan-activity;sid:84467750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm6"; depth:17; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604651/; classtype:trojan-activity;sid:84467751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sparc"; depth:10; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604645/; classtype:trojan-activity;sid:84467745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.ppc"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604646/; classtype:trojan-activity;sid:84467746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604640/; classtype:trojan-activity;sid:84467740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604641/; classtype:trojan-activity;sid:84467741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604642/; classtype:trojan-activity;sid:84467742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604643/; classtype:trojan-activity;sid:84467743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604644/; classtype:trojan-activity;sid:84467744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.sh4"; depth:9; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604637/; classtype:trojan-activity;sid:84467737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mips"; depth:10; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604638/; classtype:trojan-activity;sid:84467738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604639/; classtype:trojan-activity;sid:84467739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.m68k"; depth:17; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604636/; classtype:trojan-activity;sid:84467736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm5"; depth:17; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604634/; classtype:trojan-activity;sid:84467734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604635/; classtype:trojan-activity;sid:84467735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.x86"; depth:9; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604630/; classtype:trojan-activity;sid:84467730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604631/; classtype:trojan-activity;sid:84467731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm5l"; depth:11; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604632/; classtype:trojan-activity;sid:84467732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm6l"; depth:11; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604633/; classtype:trojan-activity;sid:84467733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arc"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604629/; classtype:trojan-activity;sid:84467729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm5"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604621/; classtype:trojan-activity;sid:84467721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604622/; classtype:trojan-activity;sid:84467722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm4"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604623/; classtype:trojan-activity;sid:84467723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.arm7l"; depth:11; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604624/; classtype:trojan-activity;sid:84467724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604625/; classtype:trojan-activity;sid:84467725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arc"; depth:9; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604626/; classtype:trojan-activity;sid:84467726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_spc"; depth:9; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604627/; classtype:trojan-activity;sid:84467727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.arm4"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604628/; classtype:trojan-activity;sid:84467728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arc"; depth:13; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604617/; classtype:trojan-activity;sid:84467717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm4"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604618/; classtype:trojan-activity;sid:84467718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axis.mpsl"; depth:10; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604619/; classtype:trojan-activity;sid:84467719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604620/; classtype:trojan-activity;sid:84467720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.48.76"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604616/; classtype:trojan-activity;sid:84467716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.65.33.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604615/; classtype:trojan-activity;sid:84467715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.38.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604614/; classtype:trojan-activity;sid:84467714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604613/; classtype:trojan-activity;sid:84467713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.3.96"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604612/; classtype:trojan-activity;sid:84467712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.14.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604611/; classtype:trojan-activity;sid:84467711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.38.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604610/; classtype:trojan-activity;sid:84467710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.3.96"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604609/; classtype:trojan-activity;sid:84467709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.14.233"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604608/; classtype:trojan-activity;sid:84467708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604607/; classtype:trojan-activity;sid:84467707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604605/; classtype:trojan-activity;sid:84467705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604606/; classtype:trojan-activity;sid:84467706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604604/; classtype:trojan-activity;sid:84467704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604597/; classtype:trojan-activity;sid:84467697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604598/; classtype:trojan-activity;sid:84467698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604599/; classtype:trojan-activity;sid:84467699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604600/; classtype:trojan-activity;sid:84467700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604601/; classtype:trojan-activity;sid:84467701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604602/; classtype:trojan-activity;sid:84467702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604603/; classtype:trojan-activity;sid:84467703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.33.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604596/; classtype:trojan-activity;sid:84467696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.14.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604595/; classtype:trojan-activity;sid:84467695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.155.72"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604594/; classtype:trojan-activity;sid:84467694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.47.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604593/; classtype:trojan-activity;sid:84467693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/javaw/winring0x64.sys"; depth:27; endswith; nocase; http.host; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604592/; classtype:trojan-activity;sid:84467692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/networke.ps1"; depth:13; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604591/; classtype:trojan-activity;sid:84467691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net/net.xsl"; depth:12; endswith; nocase; http.host; content:"cat.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604590/; classtype:trojan-activity;sid:84467690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/optimized_msi_20250814/optimized_msi.png"; depth:50; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604589/; classtype:trojan-activity;sid:84467689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/jiy4cjki"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604588/; classtype:trojan-activity;sid:84467688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/nbtbo8ljc8"; depth:15; endswith; nocase; http.host; content:"pt.textbin.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604586/; classtype:trojan-activity;sid:84467686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/aecuqrooes"; depth:15; endswith; nocase; http.host; content:"pt.textbin.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604587/; classtype:trojan-activity;sid:84467687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.1.149"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604585/; classtype:trojan-activity;sid:84467685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or.txt"; depth:7; endswith; nocase; http.host; content:"ktc2005.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604584/; classtype:trojan-activity;sid:84467684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wvtcifeygu_07/01.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604582/; classtype:trojan-activity;sid:84467682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wvtcifeygu_07/02.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604583/; classtype:trojan-activity;sid:84467683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.47.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604581/; classtype:trojan-activity;sid:84467681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.193.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604580/; classtype:trojan-activity;sid:84467680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm"; depth:9; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604579/; classtype:trojan-activity;sid:84467679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604577/; classtype:trojan-activity;sid:84467677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604578/; classtype:trojan-activity;sid:84467678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604575/; classtype:trojan-activity;sid:84467675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.m68k"; depth:10; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604576/; classtype:trojan-activity;sid:84467676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/257/seethebestfeelingwithbetterlifestartedwithmegoodmrng.vbe"; depth:61; endswith; nocase; http.host; content:"172.96.172.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604574/; classtype:trojan-activity;sid:84467674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86_64"; depth:12; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604571/; classtype:trojan-activity;sid:84467671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh4"; depth:9; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604572/; classtype:trojan-activity;sid:84467672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604573/; classtype:trojan-activity;sid:84467673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5298241443/fvstoxo.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604570/; classtype:trojan-activity;sid:84467670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/887698409/uawcngg.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604569/; classtype:trojan-activity;sid:84467669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arc"; depth:9; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604567/; classtype:trojan-activity;sid:84467667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/257/cbsse/seethebestfeelingwithbetterlifestartedwithmegoodmrng__________seethebestfeelingwithbetterlifestartedwithmegoodmrng_________seethebestfeelingwithbetterlifestartedwithmegoodmrng.doc"; depth:190; endswith; nocase; http.host; content:"172.96.172.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604568/; classtype:trojan-activity;sid:84467668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604559/; classtype:trojan-activity;sid:84467659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm7"; depth:10; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604560/; classtype:trojan-activity;sid:84467660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604561/; classtype:trojan-activity;sid:84467661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604562/; classtype:trojan-activity;sid:84467662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.spc"; depth:9; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604563/; classtype:trojan-activity;sid:84467663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5810624893/jyvv3cf.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604564/; classtype:trojan-activity;sid:84467664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604565/; classtype:trojan-activity;sid:84467665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604566/; classtype:trojan-activity;sid:84467666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apic/tzqx5vol/tzqx5volze8d"; depth:27; endswith; nocase; http.host; content:"bkkil.com"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604558/; classtype:trojan-activity;sid:84467658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.189.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604557/; classtype:trojan-activity;sid:84467657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.221.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604556/; classtype:trojan-activity;sid:84467656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604555/; classtype:trojan-activity;sid:84467655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604554/; classtype:trojan-activity;sid:84467654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.221.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604553/; classtype:trojan-activity;sid:84467653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604552/; classtype:trojan-activity;sid:84467652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.243.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604551/; classtype:trojan-activity;sid:84467651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.174"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604550/; classtype:trojan-activity;sid:84467650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.107.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604548/; classtype:trojan-activity;sid:84467648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.151.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604549/; classtype:trojan-activity;sid:84467649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.6.208"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604547/; classtype:trojan-activity;sid:84467647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604546/; classtype:trojan-activity;sid:84467646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.243.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604545/; classtype:trojan-activity;sid:84467645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.63.37"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604543/; classtype:trojan-activity;sid:84467643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.174"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604542/; classtype:trojan-activity;sid:84467642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.151.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604541/; classtype:trojan-activity;sid:84467641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.48.76"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604540/; classtype:trojan-activity;sid:84467640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.244.73.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604539/; classtype:trojan-activity;sid:84467639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604538/; classtype:trojan-activity;sid:84467638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.97.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604537/; classtype:trojan-activity;sid:84467637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.90.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604536/; classtype:trojan-activity;sid:84467636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604535/; classtype:trojan-activity;sid:84467635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.137.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604534/; classtype:trojan-activity;sid:84467634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.89.101.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604533/; classtype:trojan-activity;sid:84467633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.244.73.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604532/; classtype:trojan-activity;sid:84467632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.89.19"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604531/; classtype:trojan-activity;sid:84467631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.102.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604530/; classtype:trojan-activity;sid:84467630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.214.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604529/; classtype:trojan-activity;sid:84467629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.169.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604528/; classtype:trojan-activity;sid:84467628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.247.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604526/; classtype:trojan-activity;sid:84467626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604527/; classtype:trojan-activity;sid:84467627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604525/; classtype:trojan-activity;sid:84467625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.5.49"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604524/; classtype:trojan-activity;sid:84467624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.97.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604523/; classtype:trojan-activity;sid:84467623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.137.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604522/; classtype:trojan-activity;sid:84467622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.189.70"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604520/; classtype:trojan-activity;sid:84467620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604521/; classtype:trojan-activity;sid:84467621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.76.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604519/; classtype:trojan-activity;sid:84467619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604518/; classtype:trojan-activity;sid:84467618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.192.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604517/; classtype:trojan-activity;sid:84467617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.153.86"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604516/; classtype:trojan-activity;sid:84467616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.230.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604511/; classtype:trojan-activity;sid:84467611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.118.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604512/; classtype:trojan-activity;sid:84467612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"202.155.132.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604513/; classtype:trojan-activity;sid:84467613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"202.155.132.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604514/; classtype:trojan-activity;sid:84467614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.113.141.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604515/; classtype:trojan-activity;sid:84467615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604509/; classtype:trojan-activity;sid:84467609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.224.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604510/; classtype:trojan-activity;sid:84467610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.97.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604508/; classtype:trojan-activity;sid:84467608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.18.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604507/; classtype:trojan-activity;sid:84467607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.167.98.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604506/; classtype:trojan-activity;sid:84467606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6nlk"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604505/; classtype:trojan-activity;sid:84467605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7nlk"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604504/; classtype:trojan-activity;sid:84467604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5nlk"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604503/; classtype:trojan-activity;sid:84467603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604501/; classtype:trojan-activity;sid:84467601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armnlk"; depth:7; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604502/; classtype:trojan-activity;sid:84467602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604500/; classtype:trojan-activity;sid:84467600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4nlk"; depth:7; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604498/; classtype:trojan-activity;sid:84467598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604499/; classtype:trojan-activity;sid:84467599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604497/; classtype:trojan-activity;sid:84467597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsnlk"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604495/; classtype:trojan-activity;sid:84467595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604496/; classtype:trojan-activity;sid:84467596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpslnlk"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604494/; classtype:trojan-activity;sid:84467594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604493/; classtype:trojan-activity;sid:84467593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68knlk"; depth:8; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604492/; classtype:trojan-activity;sid:84467592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604491/; classtype:trojan-activity;sid:84467591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604490/; classtype:trojan-activity;sid:84467590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604489/; classtype:trojan-activity;sid:84467589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604488/; classtype:trojan-activity;sid:84467588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604487/; classtype:trojan-activity;sid:84467587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hubsign.exe"; depth:12; endswith; nocase; http.host; content:"pub-b680817c5e87467b9602e0c8aed50af2.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604486/; classtype:trojan-activity;sid:84467586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.mpsl"; depth:14; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604484/; classtype:trojan-activity;sid:84467584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/masterweb00/random.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604485/; classtype:trojan-activity;sid:84467585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.sh4"; depth:13; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604479/; classtype:trojan-activity;sid:84467579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604480/; classtype:trojan-activity;sid:84467580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.x86"; depth:13; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604481/; classtype:trojan-activity;sid:84467581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604482/; classtype:trojan-activity;sid:84467582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5390889402/tdlzkwd.msi"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604483/; classtype:trojan-activity;sid:84467583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604475/; classtype:trojan-activity;sid:84467575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppcnlk"; depth:7; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604476/; classtype:trojan-activity;sid:84467576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604477/; classtype:trojan-activity;sid:84467577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86-debug"; depth:19; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604478/; classtype:trojan-activity;sid:84467578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7610129705/gxghdli.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604474/; classtype:trojan-activity;sid:84467574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.arm7l"; depth:15; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604470/; classtype:trojan-activity;sid:84467570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.mips"; depth:14; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604471/; classtype:trojan-activity;sid:84467571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.spc"; depth:13; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604472/; classtype:trojan-activity;sid:84467572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/w"; depth:6; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604473/; classtype:trojan-activity;sid:84467573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604468/; classtype:trojan-activity;sid:84467568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.x86_64"; depth:16; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604469/; classtype:trojan-activity;sid:84467569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.m68k"; depth:14; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604463/; classtype:trojan-activity;sid:84467563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.arm5l"; depth:15; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604464/; classtype:trojan-activity;sid:84467564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.arm4l"; depth:15; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604465/; classtype:trojan-activity;sid:84467565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axe/axis.arm6l"; depth:15; endswith; nocase; http.host; content:"198.251.89.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604466/; classtype:trojan-activity;sid:84467566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604467/; classtype:trojan-activity;sid:84467567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604460/; classtype:trojan-activity;sid:84467560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604461/; classtype:trojan-activity;sid:84467561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604462/; classtype:trojan-activity;sid:84467562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6414362619/19g1lsr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604459/; classtype:trojan-activity;sid:84467559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604456/; classtype:trojan-activity;sid:84467556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"static.194.154.201.138.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604457/; classtype:trojan-activity;sid:84467557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604458/; classtype:trojan-activity;sid:84467558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5298241443/uhcra5l.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604455/; classtype:trojan-activity;sid:84467555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/osr9jnf.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604454/; classtype:trojan-activity;sid:84467554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.31.137"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604453/; classtype:trojan-activity;sid:84467553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.216"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604452/; classtype:trojan-activity;sid:84467552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.35.92.255"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604451/; classtype:trojan-activity;sid:84467551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.62.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604450/; classtype:trojan-activity;sid:84467550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.238.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604449/; classtype:trojan-activity;sid:84467549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.71.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604448/; classtype:trojan-activity;sid:84467548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.225.1"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604447/; classtype:trojan-activity;sid:84467547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.164.44.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604446/; classtype:trojan-activity;sid:84467546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.238.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604445/; classtype:trojan-activity;sid:84467545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.62.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604444/; classtype:trojan-activity;sid:84467544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604443/; classtype:trojan-activity;sid:84467543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.226.233"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604442/; classtype:trojan-activity;sid:84467542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.225.1"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604441/; classtype:trojan-activity;sid:84467541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.164.44.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604440/; classtype:trojan-activity;sid:84467540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604430/; classtype:trojan-activity;sid:84467530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604431/; classtype:trojan-activity;sid:84467531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604432/; classtype:trojan-activity;sid:84467532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604433/; classtype:trojan-activity;sid:84467533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604434/; classtype:trojan-activity;sid:84467534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604435/; classtype:trojan-activity;sid:84467535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604436/; classtype:trojan-activity;sid:84467536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604437/; classtype:trojan-activity;sid:84467537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604438/; classtype:trojan-activity;sid:84467538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"196.251.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604439/; classtype:trojan-activity;sid:84467539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604429/; classtype:trojan-activity;sid:84467529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.85.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604428/; classtype:trojan-activity;sid:84467528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.197.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604427/; classtype:trojan-activity;sid:84467527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.226.233"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604426/; classtype:trojan-activity;sid:84467526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.107.205"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604425/; classtype:trojan-activity;sid:84467525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.103.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604424/; classtype:trojan-activity;sid:84467524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.236.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604423/; classtype:trojan-activity;sid:84467523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.17.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604422/; classtype:trojan-activity;sid:84467522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.143.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604421/; classtype:trojan-activity;sid:84467521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.208.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604420/; classtype:trojan-activity;sid:84467520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.142.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604419/; classtype:trojan-activity;sid:84467519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.123.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604418/; classtype:trojan-activity;sid:84467518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.143.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604417/; classtype:trojan-activity;sid:84467517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.123.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604416/; classtype:trojan-activity;sid:84467516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.5.49"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604415/; classtype:trojan-activity;sid:84467515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.69.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604414/; classtype:trojan-activity;sid:84467514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.205.31"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604413/; classtype:trojan-activity;sid:84467513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.194.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604412/; classtype:trojan-activity;sid:84467512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.194.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604411/; classtype:trojan-activity;sid:84467511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.25.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604410/; classtype:trojan-activity;sid:84467510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.11.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604409/; classtype:trojan-activity;sid:84467509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.97.148"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604408/; classtype:trojan-activity;sid:84467508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.180.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604407/; classtype:trojan-activity;sid:84467507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.229.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604406/; classtype:trojan-activity;sid:84467506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.62.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604405/; classtype:trojan-activity;sid:84467505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.47.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604404/; classtype:trojan-activity;sid:84467504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.62.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604403/; classtype:trojan-activity;sid:84467503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.49.76"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604402/; classtype:trojan-activity;sid:84467502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.164.87"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604401/; classtype:trojan-activity;sid:84467501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.97.148"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604400/; classtype:trojan-activity;sid:84467500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.180.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604399/; classtype:trojan-activity;sid:84467499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.229.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604398/; classtype:trojan-activity;sid:84467498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.62.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604397/; classtype:trojan-activity;sid:84467497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.194.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604396/; classtype:trojan-activity;sid:84467496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.119.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604395/; classtype:trojan-activity;sid:84467495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.156.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604394/; classtype:trojan-activity;sid:84467494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.79.137"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604393/; classtype:trojan-activity;sid:84467493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.44.248.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604392/; classtype:trojan-activity;sid:84467492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.29.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604391/; classtype:trojan-activity;sid:84467491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.210.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604390/; classtype:trojan-activity;sid:84467490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.44.248.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604389/; classtype:trojan-activity;sid:84467489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.156.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604388/; classtype:trojan-activity;sid:84467488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.202.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604387/; classtype:trojan-activity;sid:84467487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.191.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604386/; classtype:trojan-activity;sid:84467486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604385/; classtype:trojan-activity;sid:84467485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604384/; classtype:trojan-activity;sid:84467484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604383/; classtype:trojan-activity;sid:84467483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"207.244.199.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604382/; classtype:trojan-activity;sid:84467482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vuupc/dl.php"; depth:13; endswith; nocase; http.host; content:"www.download-servers.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604381/; classtype:trojan-activity;sid:84467481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604380/; classtype:trojan-activity;sid:84467480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.25.104.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604379/; classtype:trojan-activity;sid:84467479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.137.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604378/; classtype:trojan-activity;sid:84467478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.86.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604377/; classtype:trojan-activity;sid:84467477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.210.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604376/; classtype:trojan-activity;sid:84467476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604375/; classtype:trojan-activity;sid:84467475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.11.60.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604374/; classtype:trojan-activity;sid:84467474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604373/; classtype:trojan-activity;sid:84467473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604372/; classtype:trojan-activity;sid:84467472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604371/; classtype:trojan-activity;sid:84467471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604370/; classtype:trojan-activity;sid:84467470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604367/; classtype:trojan-activity;sid:84467467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604368/; classtype:trojan-activity;sid:84467468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604369/; classtype:trojan-activity;sid:84467469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604363/; classtype:trojan-activity;sid:84467463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604364/; classtype:trojan-activity;sid:84467464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604365/; classtype:trojan-activity;sid:84467465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"45.80.158.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604366/; classtype:trojan-activity;sid:84467466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604362/; classtype:trojan-activity;sid:84467462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.224.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604361/; classtype:trojan-activity;sid:84467461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.240.245"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604360/; classtype:trojan-activity;sid:84467460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.11.60.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604359/; classtype:trojan-activity;sid:84467459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.62.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604358/; classtype:trojan-activity;sid:84467458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.83.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604357/; classtype:trojan-activity;sid:84467457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604356/; classtype:trojan-activity;sid:84467456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.66.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604355/; classtype:trojan-activity;sid:84467455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.171.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604354/; classtype:trojan-activity;sid:84467454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.83.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604353/; classtype:trojan-activity;sid:84467453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.59.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604352/; classtype:trojan-activity;sid:84467452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.206.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604351/; classtype:trojan-activity;sid:84467451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.158.212.128"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604350/; classtype:trojan-activity;sid:84467450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.240.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604349/; classtype:trojan-activity;sid:84467449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.52.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604348/; classtype:trojan-activity;sid:84467448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.214.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604347/; classtype:trojan-activity;sid:84467447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604346/; classtype:trojan-activity;sid:84467446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.181.0.226"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604345/; classtype:trojan-activity;sid:84467445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.69.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604344/; classtype:trojan-activity;sid:84467444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.208.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604343/; classtype:trojan-activity;sid:84467443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.21"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604342/; classtype:trojan-activity;sid:84467442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.149.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604341/; classtype:trojan-activity;sid:84467441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.69.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604340/; classtype:trojan-activity;sid:84467440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.45.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604339/; classtype:trojan-activity;sid:84467439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.149.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604338/; classtype:trojan-activity;sid:84467438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.126.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604337/; classtype:trojan-activity;sid:84467437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.42.62"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604336/; classtype:trojan-activity;sid:84467436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.195.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604335/; classtype:trojan-activity;sid:84467435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.198.96"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604334/; classtype:trojan-activity;sid:84467434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.24.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604333/; classtype:trojan-activity;sid:84467433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604332/; classtype:trojan-activity;sid:84467432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604331/; classtype:trojan-activity;sid:84467431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604330/; classtype:trojan-activity;sid:84467430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604329/; classtype:trojan-activity;sid:84467429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604328/; classtype:trojan-activity;sid:84467428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604327/; classtype:trojan-activity;sid:84467427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604320/; classtype:trojan-activity;sid:84467420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604321/; classtype:trojan-activity;sid:84467421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604322/; classtype:trojan-activity;sid:84467422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604323/; classtype:trojan-activity;sid:84467423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604324/; classtype:trojan-activity;sid:84467424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604325/; classtype:trojan-activity;sid:84467425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"lol.0x504.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604326/; classtype:trojan-activity;sid:84467426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604318/; classtype:trojan-activity;sid:84467418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.52.166.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604319/; classtype:trojan-activity;sid:84467419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604317/; classtype:trojan-activity;sid:84467417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604316/; classtype:trojan-activity;sid:84467416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604315/; classtype:trojan-activity;sid:84467415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604314/; classtype:trojan-activity;sid:84467414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604313/; classtype:trojan-activity;sid:84467413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604312/; classtype:trojan-activity;sid:84467412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.107.16.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604309/; classtype:trojan-activity;sid:84467409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.8.7"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604310/; classtype:trojan-activity;sid:84467410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.230.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604311/; classtype:trojan-activity;sid:84467411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.247.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604308/; classtype:trojan-activity;sid:84467408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"138.201.154.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604307/; classtype:trojan-activity;sid:84467407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.84.74"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604306/; classtype:trojan-activity;sid:84467406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.8.7"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604303/; classtype:trojan-activity;sid:84467403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.198.55.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604304/; classtype:trojan-activity;sid:84467404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604305/; classtype:trojan-activity;sid:84467405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.81.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604299/; classtype:trojan-activity;sid:84467399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.98.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604300/; classtype:trojan-activity;sid:84467400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604301/; classtype:trojan-activity;sid:84467401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604302/; classtype:trojan-activity;sid:84467402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"5.255.123.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604298/; classtype:trojan-activity;sid:84467398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.211.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604297/; classtype:trojan-activity;sid:84467397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.32.107"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604296/; classtype:trojan-activity;sid:84467396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.166.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604295/; classtype:trojan-activity;sid:84467395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.164.211.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604294/; classtype:trojan-activity;sid:84467394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.151.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604293/; classtype:trojan-activity;sid:84467393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604292/; classtype:trojan-activity;sid:84467392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604291/; classtype:trojan-activity;sid:84467391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604290/; classtype:trojan-activity;sid:84467390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604288/; classtype:trojan-activity;sid:84467388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604289/; classtype:trojan-activity;sid:84467389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604286/; classtype:trojan-activity;sid:84467386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604287/; classtype:trojan-activity;sid:84467387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604282/; classtype:trojan-activity;sid:84467382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604283/; classtype:trojan-activity;sid:84467383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604284/; classtype:trojan-activity;sid:84467384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604285/; classtype:trojan-activity;sid:84467385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.151.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604280/; classtype:trojan-activity;sid:84467380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.140.69"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604281/; classtype:trojan-activity;sid:84467381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.128.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604279/; classtype:trojan-activity;sid:84467379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.161.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604278/; classtype:trojan-activity;sid:84467378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.128"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604277/; classtype:trojan-activity;sid:84467377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.126.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604276/; classtype:trojan-activity;sid:84467376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.110.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604275/; classtype:trojan-activity;sid:84467375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.128"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604274/; classtype:trojan-activity;sid:84467374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604273/; classtype:trojan-activity;sid:84467373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ini/helper.bin"; depth:16; endswith; nocase; http.host; content:"4.228.56.150"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604272/; classtype:trojan-activity;sid:84467372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/adobeupdate.msi"; depth:26; endswith; nocase; http.host; content:"94.159.99.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604271/; classtype:trojan-activity;sid:84467371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/l8825.msi"; depth:20; endswith; nocase; http.host; content:"94.159.99.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604270/; classtype:trojan-activity;sid:84467370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ini/file.vbs"; depth:14; endswith; nocase; http.host; content:"4.228.56.150"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604269/; classtype:trojan-activity;sid:84467369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ini/file.bat"; depth:14; endswith; nocase; http.host; content:"4.228.56.150"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604268/; classtype:trojan-activity;sid:84467368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.25.134.23"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604267/; classtype:trojan-activity;sid:84467367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.126.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604266/; classtype:trojan-activity;sid:84467366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"196.251.88.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604265/; classtype:trojan-activity;sid:84467365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"3.1.211.57"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604262/; classtype:trojan-activity;sid:84467362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"212.192.13.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604263/; classtype:trojan-activity;sid:84467363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.184.172"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604264/; classtype:trojan-activity;sid:84467364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.71.117.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604261/; classtype:trojan-activity;sid:84467361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.106.2.193"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604260/; classtype:trojan-activity;sid:84467360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.mips"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604258/; classtype:trojan-activity;sid:84467358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.arm5"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604259/; classtype:trojan-activity;sid:84467359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.spc"; depth:17; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604249/; classtype:trojan-activity;sid:84467349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.arm6"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604250/; classtype:trojan-activity;sid:84467350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.ppc"; depth:17; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604251/; classtype:trojan-activity;sid:84467351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.x86"; depth:17; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604252/; classtype:trojan-activity;sid:84467352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.sh4"; depth:17; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604253/; classtype:trojan-activity;sid:84467353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.mpsl"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604254/; classtype:trojan-activity;sid:84467354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.m68k"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604255/; classtype:trojan-activity;sid:84467355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.arm"; depth:17; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604256/; classtype:trojan-activity;sid:84467356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade420.arm7"; depth:18; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604257/; classtype:trojan-activity;sid:84467357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oblivion121.sh"; depth:15; endswith; nocase; http.host; content:"103.130.213.44"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604248/; classtype:trojan-activity;sid:84467348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.196.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.250.48.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604244/; classtype:trojan-activity;sid:84467344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.44.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604245/; classtype:trojan-activity;sid:84467345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.19.130.62"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604246/; classtype:trojan-activity;sid:84467346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.131.196"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604247/; classtype:trojan-activity;sid:84467347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.29.88.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604241/; classtype:trojan-activity;sid:84467341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.217.165.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604242/; classtype:trojan-activity;sid:84467342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.157.28.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604240/; classtype:trojan-activity;sid:84467340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.223.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604236/; classtype:trojan-activity;sid:84467336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.158.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604237/; classtype:trojan-activity;sid:84467337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.234.174.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604238/; classtype:trojan-activity;sid:84467338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.181.166.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604239/; classtype:trojan-activity;sid:84467339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"141.149.36.27"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604235/; classtype:trojan-activity;sid:84467335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.29.88.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604234/; classtype:trojan-activity;sid:84467334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"164.126.150.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.150.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604232/; classtype:trojan-activity;sid:84467332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.83.63"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604231/; classtype:trojan-activity;sid:84467331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.223.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604230/; classtype:trojan-activity;sid:84467330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.42.62"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604228/; classtype:trojan-activity;sid:84467328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604229/; classtype:trojan-activity;sid:84467329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.25.134.23"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604227/; classtype:trojan-activity;sid:84467327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.223.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604226/; classtype:trojan-activity;sid:84467326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.130.182"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604225/; classtype:trojan-activity;sid:84467325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.204.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604224/; classtype:trojan-activity;sid:84467324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.4.10"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604223/; classtype:trojan-activity;sid:84467323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.16.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604222/; classtype:trojan-activity;sid:84467322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.130.182"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604221/; classtype:trojan-activity;sid:84467321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.35.92.255"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604220/; classtype:trojan-activity;sid:84467320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.32.107"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604219/; classtype:trojan-activity;sid:84467319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.193.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604218/; classtype:trojan-activity;sid:84467318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604217/; classtype:trojan-activity;sid:84467317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.119.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604216/; classtype:trojan-activity;sid:84467316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.107.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604215/; classtype:trojan-activity;sid:84467315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"153.37.135.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604214/; classtype:trojan-activity;sid:84467314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.39.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604213/; classtype:trojan-activity;sid:84467313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.106"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604212/; classtype:trojan-activity;sid:84467312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.67.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604211/; classtype:trojan-activity;sid:84467311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.0.79"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604210/; classtype:trojan-activity;sid:84467310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.236.10.243"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604209/; classtype:trojan-activity;sid:84467309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.107.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604208/; classtype:trojan-activity;sid:84467308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.4.10"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604207/; classtype:trojan-activity;sid:84467307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.177.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604206/; classtype:trojan-activity;sid:84467306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.118.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604205/; classtype:trojan-activity;sid:84467305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604204/; classtype:trojan-activity;sid:84467304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.56.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604203/; classtype:trojan-activity;sid:84467303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.17.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604202/; classtype:trojan-activity;sid:84467302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604201/; classtype:trojan-activity;sid:84467301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604200/; classtype:trojan-activity;sid:84467300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wvtcifeygu_07/03.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604199/; classtype:trojan-activity;sid:84467299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.230.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604198/; classtype:trojan-activity;sid:84467298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.17.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604197/; classtype:trojan-activity;sid:84467297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comememebaig.txt"; depth:17; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604196/; classtype:trojan-activity;sid:84467296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uce32/raw"; depth:10; endswith; nocase; http.host; content:"dpaste.org"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604195/; classtype:trojan-activity;sid:84467295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flawedlion.msi"; depth:15; endswith; nocase; http.host; content:"arroop.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604194/; classtype:trojan-activity;sid:84467294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwujw/raw"; depth:10; endswith; nocase; http.host; content:"dpaste.org"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604193/; classtype:trojan-activity;sid:84467293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staticfight.mp4"; depth:16; endswith; nocase; http.host; content:"arroop.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604192/; classtype:trojan-activity;sid:84467292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlpng/raw"; depth:10; endswith; nocase; http.host; content:"dpaste.org"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604191/; classtype:trojan-activity;sid:84467291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/vs_buildtools.zip"; depth:20; endswith; nocase; http.host; content:"198.46.142.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604190/; classtype:trojan-activity;sid:84467290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.52.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604189/; classtype:trojan-activity;sid:84467289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/iuencvycxo"; depth:15; endswith; nocase; http.host; content:"pt.textbin.net"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604188/; classtype:trojan-activity;sid:84467288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client-built.exe"; depth:17; endswith; nocase; http.host; content:"cosmic-cheats.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604187/; classtype:trojan-activity;sid:84467287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poison.dll"; depth:11; endswith; nocase; http.host; content:"cosmic-cheats.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604186/; classtype:trojan-activity;sid:84467286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.98.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604185/; classtype:trojan-activity;sid:84467285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.69"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604184/; classtype:trojan-activity;sid:84467284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604183/; classtype:trojan-activity;sid:84467283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6003232782/e7ajurn.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604182/; classtype:trojan-activity;sid:84467282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6817544025/lzbjfhq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604181/; classtype:trojan-activity;sid:84467281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7235290108/3wieqtr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604180/; classtype:trojan-activity;sid:84467280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.52.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604179/; classtype:trojan-activity;sid:84467279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4r3.js"; depth:7; endswith; nocase; http.host; content:"captchaverift.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604178/; classtype:trojan-activity;sid:84467278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajax/pixi.min.js"; depth:17; endswith; nocase; http.host; content:"domainweel.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604177/; classtype:trojan-activity;sid:84467277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.184.214"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604168/; classtype:trojan-activity;sid:84467268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.171.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604169/; classtype:trojan-activity;sid:84467269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"155.138.212.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604170/; classtype:trojan-activity;sid:84467270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.193.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604171/; classtype:trojan-activity;sid:84467271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"155.138.212.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604172/; classtype:trojan-activity;sid:84467272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.112.42.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604173/; classtype:trojan-activity;sid:84467273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.101.172"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604174/; classtype:trojan-activity;sid:84467274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"155.138.212.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604175/; classtype:trojan-activity;sid:84467275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604176/; classtype:trojan-activity;sid:84467276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.166.214.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604167/; classtype:trojan-activity;sid:84467267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.11.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604166/; classtype:trojan-activity;sid:84467266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwwap/sunnyday"; depth:15; endswith; nocase; http.host; content:"menslaks.top"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604164/; classtype:trojan-activity;sid:84467264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7zxg9h"; depth:7; endswith; nocase; http.host; content:"psee.io"; depth:7; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604165/; classtype:trojan-activity;sid:84467265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604163/; classtype:trojan-activity;sid:84467263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604162/; classtype:trojan-activity;sid:84467262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.13.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604161/; classtype:trojan-activity;sid:84467261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/71895766/9uequla.exe"; depth:27; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604160/; classtype:trojan-activity;sid:84467260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7235290108/qiraca8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604159/; classtype:trojan-activity;sid:84467259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5254702106/6qx64my.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604158/; classtype:trojan-activity;sid:84467258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604157/; classtype:trojan-activity;sid:84467257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604156/; classtype:trojan-activity;sid:84467256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.13.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604155/; classtype:trojan-activity;sid:84467255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.66.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604154/; classtype:trojan-activity;sid:84467254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.150.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604153/; classtype:trojan-activity;sid:84467253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.50.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604152/; classtype:trojan-activity;sid:84467252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.2.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604151/; classtype:trojan-activity;sid:84467251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.21.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604150/; classtype:trojan-activity;sid:84467250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.150.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604149/; classtype:trojan-activity;sid:84467249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.37.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604148/; classtype:trojan-activity;sid:84467248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.141.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604147/; classtype:trojan-activity;sid:84467247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.50.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604146/; classtype:trojan-activity;sid:84467246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604145/; classtype:trojan-activity;sid:84467245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.251.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604144/; classtype:trojan-activity;sid:84467244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.39.211"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604143/; classtype:trojan-activity;sid:84467243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.220.191"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604142/; classtype:trojan-activity;sid:84467242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.107.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604141/; classtype:trojan-activity;sid:84467241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604140/; classtype:trojan-activity;sid:84467240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.194.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604139/; classtype:trojan-activity;sid:84467239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.198.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604138/; classtype:trojan-activity;sid:84467238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.21.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604137/; classtype:trojan-activity;sid:84467237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1229664666/94qbblz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604136/; classtype:trojan-activity;sid:84467236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6560547276/rneaf0f.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604135/; classtype:trojan-activity;sid:84467235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.245.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604134/; classtype:trojan-activity;sid:84467234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.107.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604133/; classtype:trojan-activity;sid:84467233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.198.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604132/; classtype:trojan-activity;sid:84467232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.222.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604131/; classtype:trojan-activity;sid:84467231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604130/; classtype:trojan-activity;sid:84467230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.228.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604129/; classtype:trojan-activity;sid:84467229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604128/; classtype:trojan-activity;sid:84467228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.245.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604127/; classtype:trojan-activity;sid:84467227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604126/; classtype:trojan-activity;sid:84467226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.4.213"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604125/; classtype:trojan-activity;sid:84467225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.13.172"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604124/; classtype:trojan-activity;sid:84467224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.228.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604123/; classtype:trojan-activity;sid:84467223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604122/; classtype:trojan-activity;sid:84467222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.225.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604121/; classtype:trojan-activity;sid:84467221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.126.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604120/; classtype:trojan-activity;sid:84467220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.238.17"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604119/; classtype:trojan-activity;sid:84467219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604118/; classtype:trojan-activity;sid:84467218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.177.101.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604117/; classtype:trojan-activity;sid:84467217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.225.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604116/; classtype:trojan-activity;sid:84467216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.238.17"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604115/; classtype:trojan-activity;sid:84467215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.28.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604114/; classtype:trojan-activity;sid:84467214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.101.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604113/; classtype:trojan-activity;sid:84467213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.247.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604112/; classtype:trojan-activity;sid:84467212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.160.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604111/; classtype:trojan-activity;sid:84467211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.181.0.226"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604110/; classtype:trojan-activity;sid:84467210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.28.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604109/; classtype:trojan-activity;sid:84467209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.18.218.118"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604108/; classtype:trojan-activity;sid:84467208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/892962105/clii1tw.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604107/; classtype:trojan-activity;sid:84467207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.233.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604106/; classtype:trojan-activity;sid:84467206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.0.79"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604105/; classtype:trojan-activity;sid:84467205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.2.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604104/; classtype:trojan-activity;sid:84467204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.180.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604103/; classtype:trojan-activity;sid:84467203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.233.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604102/; classtype:trojan-activity;sid:84467202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.18.218.118"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604101/; classtype:trojan-activity;sid:84467201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604100/; classtype:trojan-activity;sid:84467200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/free.exe"; depth:14; endswith; nocase; http.host; content:"64thservice.pages.dev"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604099/; classtype:trojan-activity;sid:84467199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idkrwerwre-main/windows%20start-up%20application.exe"; depth:53; endswith; nocase; http.host; content:"64thservice.pages.dev"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604098/; classtype:trojan-activity;sid:84467198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64/67.exe"; depth:10; endswith; nocase; http.host; content:"64thservice.pages.dev"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604097/; classtype:trojan-activity;sid:84467197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604084/; classtype:trojan-activity;sid:84467184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604085/; classtype:trojan-activity;sid:84467185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604086/; classtype:trojan-activity;sid:84467186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604087/; classtype:trojan-activity;sid:84467187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604088/; classtype:trojan-activity;sid:84467188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604089/; classtype:trojan-activity;sid:84467189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604090/; classtype:trojan-activity;sid:84467190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64/64th%20service%20v20.exe"; depth:28; endswith; nocase; http.host; content:"64-agd.pages.dev"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604091/; classtype:trojan-activity;sid:84467191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604092/; classtype:trojan-activity;sid:84467192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604093/; classtype:trojan-activity;sid:84467193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604094/; classtype:trojan-activity;sid:84467194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/over.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604095/; classtype:trojan-activity;sid:84467195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ypdegp.sys"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604096/; classtype:trojan-activity;sid:84467196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604082/; classtype:trojan-activity;sid:84467182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.154.172.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604083/; classtype:trojan-activity;sid:84467183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoke.bak"; depth:10; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604081/; classtype:trojan-activity;sid:84467181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6560547276/zyggdbv.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604076/; classtype:trojan-activity;sid:84467176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/give.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604077/; classtype:trojan-activity;sid:84467177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rich.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604078/; classtype:trojan-activity;sid:84467178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/outdoor.bak"; depth:12; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604079/; classtype:trojan-activity;sid:84467179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/praise.bak"; depth:11; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604080/; classtype:trojan-activity;sid:84467180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/892962105/63hust6.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604075/; classtype:trojan-activity;sid:84467175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.245"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604074/; classtype:trojan-activity;sid:84467174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.85.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604073/; classtype:trojan-activity;sid:84467173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.245"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604070/; classtype:trojan-activity;sid:84467170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.4.213"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604071/; classtype:trojan-activity;sid:84467171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.191.130"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604072/; classtype:trojan-activity;sid:84467172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604067/; classtype:trojan-activity;sid:84467167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.107.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604068/; classtype:trojan-activity;sid:84467168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604069/; classtype:trojan-activity;sid:84467169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.133.137.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604066/; classtype:trojan-activity;sid:84467166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.23.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604065/; classtype:trojan-activity;sid:84467165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.54"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604064/; classtype:trojan-activity;sid:84467164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.69.61.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604063/; classtype:trojan-activity;sid:84467163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604062/; classtype:trojan-activity;sid:84467162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604061/; classtype:trojan-activity;sid:84467161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.195.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604060/; classtype:trojan-activity;sid:84467160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.23.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604059/; classtype:trojan-activity;sid:84467159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604058/; classtype:trojan-activity;sid:84467158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.62.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604057/; classtype:trojan-activity;sid:84467157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.40.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604056/; classtype:trojan-activity;sid:84467156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.26.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604055/; classtype:trojan-activity;sid:84467155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.223.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604054/; classtype:trojan-activity;sid:84467154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.27"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604053/; classtype:trojan-activity;sid:84467153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.147.64.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604052/; classtype:trojan-activity;sid:84467152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.56.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604051/; classtype:trojan-activity;sid:84467151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.111.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604050/; classtype:trojan-activity;sid:84467150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604049/; classtype:trojan-activity;sid:84467149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604048/; classtype:trojan-activity;sid:84467148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.155.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604047/; classtype:trojan-activity;sid:84467147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.40.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604046/; classtype:trojan-activity;sid:84467146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.26.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604045/; classtype:trojan-activity;sid:84467145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.56.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604044/; classtype:trojan-activity;sid:84467144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.69.61.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604043/; classtype:trojan-activity;sid:84467143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.122.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604042/; classtype:trojan-activity;sid:84467142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.60.27"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604041/; classtype:trojan-activity;sid:84467141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.111.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604040/; classtype:trojan-activity;sid:84467140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.167.98.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604039/; classtype:trojan-activity;sid:84467139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.43.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604038/; classtype:trojan-activity;sid:84467138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.208.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604037/; classtype:trojan-activity;sid:84467137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.221.59"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604036/; classtype:trojan-activity;sid:84467136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.196.120"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604035/; classtype:trojan-activity;sid:84467135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt3"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604034/; classtype:trojan-activity;sid:84467134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604032/; classtype:trojan-activity;sid:84467132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604033/; classtype:trojan-activity;sid:84467133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt6"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604031/; classtype:trojan-activity;sid:84467131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604019/; classtype:trojan-activity;sid:84467119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt5"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604020/; classtype:trojan-activity;sid:84467120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604021/; classtype:trojan-activity;sid:84467121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt4"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604022/; classtype:trojan-activity;sid:84467122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt7"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604023/; classtype:trojan-activity;sid:84467123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt2"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604024/; classtype:trojan-activity;sid:84467124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604025/; classtype:trojan-activity;sid:84467125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604026/; classtype:trojan-activity;sid:84467126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604027/; classtype:trojan-activity;sid:84467127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt1"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604028/; classtype:trojan-activity;sid:84467128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604029/; classtype:trojan-activity;sid:84467129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604030/; classtype:trojan-activity;sid:84467130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604018/; classtype:trojan-activity;sid:84467118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604017/; classtype:trojan-activity;sid:84467117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604016/; classtype:trojan-activity;sid:84467116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604011/; classtype:trojan-activity;sid:84467111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604012/; classtype:trojan-activity;sid:84467112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604013/; classtype:trojan-activity;sid:84467113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604014/; classtype:trojan-activity;sid:84467114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604015/; classtype:trojan-activity;sid:84467115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604010/; classtype:trojan-activity;sid:84467110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604002/; classtype:trojan-activity;sid:84467102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604003/; classtype:trojan-activity;sid:84467103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604004/; classtype:trojan-activity;sid:84467104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604005/; classtype:trojan-activity;sid:84467105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604006/; classtype:trojan-activity;sid:84467106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604007/; classtype:trojan-activity;sid:84467107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604008/; classtype:trojan-activity;sid:84467108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604009/; classtype:trojan-activity;sid:84467109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603996/; classtype:trojan-activity;sid:84467096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603997/; classtype:trojan-activity;sid:84467097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603998/; classtype:trojan-activity;sid:84467098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603999/; classtype:trojan-activity;sid:84467099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604000/; classtype:trojan-activity;sid:84467100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604001/; classtype:trojan-activity;sid:84467101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603995/; classtype:trojan-activity;sid:84467095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603993/; classtype:trojan-activity;sid:84467093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603994/; classtype:trojan-activity;sid:84467094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.130.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603992/; classtype:trojan-activity;sid:84467092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.221.59"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603990/; classtype:trojan-activity;sid:84467090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.197.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603991/; classtype:trojan-activity;sid:84467091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.14.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603989/; classtype:trojan-activity;sid:84467089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603988/; classtype:trojan-activity;sid:84467088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603985/; classtype:trojan-activity;sid:84467085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603986/; classtype:trojan-activity;sid:84467086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603987/; classtype:trojan-activity;sid:84467087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603984/; classtype:trojan-activity;sid:84467084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603978/; classtype:trojan-activity;sid:84467078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603979/; classtype:trojan-activity;sid:84467079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603980/; classtype:trojan-activity;sid:84467080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603981/; classtype:trojan-activity;sid:84467081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603982/; classtype:trojan-activity;sid:84467082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603983/; classtype:trojan-activity;sid:84467083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gtop.sh"; depth:8; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603977/; classtype:trojan-activity;sid:84467077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.x86"; depth:14; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603974/; classtype:trojan-activity;sid:84467074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.sh4"; depth:14; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603975/; classtype:trojan-activity;sid:84467075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603976/; classtype:trojan-activity;sid:84467076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"23.94.89.225"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603973/; classtype:trojan-activity;sid:84467073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603964/; classtype:trojan-activity;sid:84467064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603965/; classtype:trojan-activity;sid:84467065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603966/; classtype:trojan-activity;sid:84467066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603967/; classtype:trojan-activity;sid:84467067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603968/; classtype:trojan-activity;sid:84467068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"31.57.38.226"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603969/; classtype:trojan-activity;sid:84467069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm7"; depth:17; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603970/; classtype:trojan-activity;sid:84467070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603971/; classtype:trojan-activity;sid:84467071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603972/; classtype:trojan-activity;sid:84467072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt12"; depth:7; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603961/; classtype:trojan-activity;sid:84467061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603962/; classtype:trojan-activity;sid:84467062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.m68k"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603963/; classtype:trojan-activity;sid:84467063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603960/; classtype:trojan-activity;sid:84467060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt10"; depth:7; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603951/; classtype:trojan-activity;sid:84467051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt8"; depth:6; endswith; nocase; http.host; content:"156.225.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603952/; classtype:trojan-activity;sid:84467052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"199.230.105.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603953/; classtype:trojan-activity;sid:84467053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0x83911d24fx.sh"; depth:16; endswith; nocase; http.host; content:"93.95.230.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603954/; classtype:trojan-activity;sid:84467054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"31.57.38.226"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603955/; classtype:trojan-activity;sid:84467055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"103.170.123.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603956/; classtype:trojan-activity;sid:84467056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"45.90.98.93"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603957/; classtype:trojan-activity;sid:84467057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"176.65.148.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603958/; classtype:trojan-activity;sid:84467058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"45.90.98.93"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603959/; classtype:trojan-activity;sid:84467059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"31.57.38.226"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603949/; classtype:trojan-activity;sid:84467049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"199.230.105.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603950/; classtype:trojan-activity;sid:84467050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/g"; depth:7; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603940/; classtype:trojan-activity;sid:84467040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.ppc"; depth:14; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603941/; classtype:trojan-activity;sid:84467041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.arm"; depth:14; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603942/; classtype:trojan-activity;sid:84467042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.spc"; depth:14; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603943/; classtype:trojan-activity;sid:84467043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.arm6"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603944/; classtype:trojan-activity;sid:84467044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.mpsl"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603945/; classtype:trojan-activity;sid:84467045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.arm7"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603946/; classtype:trojan-activity;sid:84467046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.mips"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603947/; classtype:trojan-activity;sid:84467047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/flow.arm5"; depth:15; endswith; nocase; http.host; content:"207.167.64.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603948/; classtype:trojan-activity;sid:84467048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/raw_cbot.exe"; depth:18; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603939/; classtype:trojan-activity;sid:84467039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/svchost.exe"; depth:17; endswith; nocase; http.host; content:"103.163.119.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603937/; classtype:trojan-activity;sid:84467037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/java%20update%20scheduler%20(32%20bit).exe"; depth:48; endswith; nocase; http.host; content:"103.163.119.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603938/; classtype:trojan-activity;sid:84467038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/cbot_debug.exe"; depth:20; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603932/; classtype:trojan-activity;sid:84467032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/build.exe"; depth:15; endswith; nocase; http.host; content:"103.163.119.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603933/; classtype:trojan-activity;sid:84467033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/raw_cbot_debug.exe"; depth:24; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603934/; classtype:trojan-activity;sid:84467034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/cbot.exe"; depth:14; endswith; nocase; http.host; content:"103.67.244.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603935/; classtype:trojan-activity;sid:84467035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbot/cbot.exe"; depth:14; endswith; nocase; http.host; content:"103.163.119.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603936/; classtype:trojan-activity;sid:84467036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.14.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603931/; classtype:trojan-activity;sid:84467031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php|3f|file=999.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603930/; classtype:trojan-activity;sid:84467030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.130.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603929/; classtype:trojan-activity;sid:84467029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.236.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603928/; classtype:trojan-activity;sid:84467028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.16.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603927/; classtype:trojan-activity;sid:84467027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.118.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603926/; classtype:trojan-activity;sid:84467026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.183.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603925/; classtype:trojan-activity;sid:84467025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.177.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603924/; classtype:trojan-activity;sid:84467024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wayne.sh"; depth:9; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603923/; classtype:trojan-activity;sid:84467023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603922/; classtype:trojan-activity;sid:84467022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603921/; classtype:trojan-activity;sid:84467021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603919/; classtype:trojan-activity;sid:84467019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603920/; classtype:trojan-activity;sid:84467020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603918/; classtype:trojan-activity;sid:84467018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603917/; classtype:trojan-activity;sid:84467017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603916/; classtype:trojan-activity;sid:84467016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603915/; classtype:trojan-activity;sid:84467015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.191.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603914/; classtype:trojan-activity;sid:84467014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603909/; classtype:trojan-activity;sid:84467009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6560547276/quqfyvu.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603910/; classtype:trojan-activity;sid:84467010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlo.sh"; depth:9; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603911/; classtype:trojan-activity;sid:84467011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/yn4phc5.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603912/; classtype:trojan-activity;sid:84467012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v9d9d.exe"; depth:10; endswith; nocase; http.host; content:"94.154.35.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603913/; classtype:trojan-activity;sid:84467013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603908/; classtype:trojan-activity;sid:84467008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1781548144/ovzhpwp.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603907/; classtype:trojan-activity;sid:84467007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7425234736/k1zrikm.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603904/; classtype:trojan-activity;sid:84467004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6691015685/pu4yhra.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603905/; classtype:trojan-activity;sid:84467005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7956683102/ncbjb74.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603906/; classtype:trojan-activity;sid:84467006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper64.exe"; depth:14; endswith; nocase; http.host; content:"176.46.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603903/; classtype:trojan-activity;sid:84467003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603900/; classtype:trojan-activity;sid:84467000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603901/; classtype:trojan-activity;sid:84467001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603902/; classtype:trojan-activity;sid:84467002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603899/; classtype:trojan-activity;sid:84466999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603898/; classtype:trojan-activity;sid:84466998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.118.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603897/; classtype:trojan-activity;sid:84466997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.217.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603896/; classtype:trojan-activity;sid:84466996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.201.23"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603895/; classtype:trojan-activity;sid:84466995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603893/; classtype:trojan-activity;sid:84466993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603894/; classtype:trojan-activity;sid:84466994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.183.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603892/; classtype:trojan-activity;sid:84466992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.177.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603891/; classtype:trojan-activity;sid:84466991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.246.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603890/; classtype:trojan-activity;sid:84466990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603889/; classtype:trojan-activity;sid:84466989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.217.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603888/; classtype:trojan-activity;sid:84466988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.201.23"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603887/; classtype:trojan-activity;sid:84466987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.18.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603886/; classtype:trojan-activity;sid:84466986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netg"; depth:5; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603885/; classtype:trojan-activity;sid:84466985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603884/; classtype:trojan-activity;sid:84466984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.111.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603883/; classtype:trojan-activity;sid:84466983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.226.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603882/; classtype:trojan-activity;sid:84466982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603880/; classtype:trojan-activity;sid:84466980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603881/; classtype:trojan-activity;sid:84466981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603878/; classtype:trojan-activity;sid:84466978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603879/; classtype:trojan-activity;sid:84466979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603876/; classtype:trojan-activity;sid:84466976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603877/; classtype:trojan-activity;sid:84466977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603873/; classtype:trojan-activity;sid:84466973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603874/; classtype:trojan-activity;sid:84466974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603875/; classtype:trojan-activity;sid:84466975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603871/; classtype:trojan-activity;sid:84466971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603872/; classtype:trojan-activity;sid:84466972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"cnc.zinomc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603870/; classtype:trojan-activity;sid:84466970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.4.200"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603869/; classtype:trojan-activity;sid:84466969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603867/; classtype:trojan-activity;sid:84466967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603868/; classtype:trojan-activity;sid:84466968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603866/; classtype:trojan-activity;sid:84466966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.106"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603858/; classtype:trojan-activity;sid:84466958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603859/; classtype:trojan-activity;sid:84466959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603860/; classtype:trojan-activity;sid:84466960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603861/; classtype:trojan-activity;sid:84466961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603862/; classtype:trojan-activity;sid:84466962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603863/; classtype:trojan-activity;sid:84466963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603864/; classtype:trojan-activity;sid:84466964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603865/; classtype:trojan-activity;sid:84466965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.31.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603857/; classtype:trojan-activity;sid:84466957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k-68xxx"; depth:11; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603856/; classtype:trojan-activity;sid:84466956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603855/; classtype:trojan-activity;sid:84466955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.138.231.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603854/; classtype:trojan-activity;sid:84466954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.146.245.245"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603852/; classtype:trojan-activity;sid:84466952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.168.230.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603853/; classtype:trojan-activity;sid:84466953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603843/; classtype:trojan-activity;sid:84466943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603844/; classtype:trojan-activity;sid:84466944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603845/; classtype:trojan-activity;sid:84466945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603846/; classtype:trojan-activity;sid:84466946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603847/; classtype:trojan-activity;sid:84466947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.153.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603848/; classtype:trojan-activity;sid:84466948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603849/; classtype:trojan-activity;sid:84466949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603850/; classtype:trojan-activity;sid:84466950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603851/; classtype:trojan-activity;sid:84466951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603840/; classtype:trojan-activity;sid:84466940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603841/; classtype:trojan-activity;sid:84466941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603842/; classtype:trojan-activity;sid:84466942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.dbg"; depth:11; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603838/; classtype:trojan-activity;sid:84466938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603839/; classtype:trojan-activity;sid:84466939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603835/; classtype:trojan-activity;sid:84466935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603836/; classtype:trojan-activity;sid:84466936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.dbg"; depth:11; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603837/; classtype:trojan-activity;sid:84466937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603813/; classtype:trojan-activity;sid:84466913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh-sh4"; depth:7; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603814/; classtype:trojan-activity;sid:84466914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603815/; classtype:trojan-activity;sid:84466915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603816/; classtype:trojan-activity;sid:84466916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603817/; classtype:trojan-activity;sid:84466917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603818/; classtype:trojan-activity;sid:84466918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64be"; depth:10; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603819/; classtype:trojan-activity;sid:84466919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k-68xxx"; depth:11; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603820/; classtype:trojan-activity;sid:84466920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603821/; classtype:trojan-activity;sid:84466921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603822/; classtype:trojan-activity;sid:84466922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603823/; classtype:trojan-activity;sid:84466923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazebe"; depth:13; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603824/; classtype:trojan-activity;sid:84466924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603825/; classtype:trojan-activity;sid:84466925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603826/; classtype:trojan-activity;sid:84466926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazebe"; depth:13; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603827/; classtype:trojan-activity;sid:84466927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603828/; classtype:trojan-activity;sid:84466928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603829/; classtype:trojan-activity;sid:84466929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603830/; classtype:trojan-activity;sid:84466930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603831/; classtype:trojan-activity;sid:84466931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazebe"; depth:13; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603832/; classtype:trojan-activity;sid:84466932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-750d"; depth:11; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603833/; classtype:trojan-activity;sid:84466933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.dbg"; depth:11; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603834/; classtype:trojan-activity;sid:84466934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86-64"; depth:7; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603811/; classtype:trojan-activity;sid:84466911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64be"; depth:10; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603812/; classtype:trojan-activity;sid:84466912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-hs38"; depth:11; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603810/; classtype:trojan-activity;sid:84466910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603805/; classtype:trojan-activity;sid:84466905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603806/; classtype:trojan-activity;sid:84466906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603807/; classtype:trojan-activity;sid:84466907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603808/; classtype:trojan-activity;sid:84466908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603809/; classtype:trojan-activity;sid:84466909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-hs38"; depth:11; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603803/; classtype:trojan-activity;sid:84466903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603804/; classtype:trojan-activity;sid:84466904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603792/; classtype:trojan-activity;sid:84466892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603793/; classtype:trojan-activity;sid:84466893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh-sh4"; depth:7; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603794/; classtype:trojan-activity;sid:84466894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603795/; classtype:trojan-activity;sid:84466895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86-64"; depth:7; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603796/; classtype:trojan-activity;sid:84466896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603797/; classtype:trojan-activity;sid:84466897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-hs38"; depth:11; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603798/; classtype:trojan-activity;sid:84466898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603799/; classtype:trojan-activity;sid:84466899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603800/; classtype:trojan-activity;sid:84466900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603801/; classtype:trojan-activity;sid:84466901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-750d"; depth:11; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603802/; classtype:trojan-activity;sid:84466902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603791/; classtype:trojan-activity;sid:84466891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603788/; classtype:trojan-activity;sid:84466888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-750d"; depth:11; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603789/; classtype:trojan-activity;sid:84466889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86-64"; depth:7; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603790/; classtype:trojan-activity;sid:84466890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603786/; classtype:trojan-activity;sid:84466886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.dbg"; depth:11; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603787/; classtype:trojan-activity;sid:84466887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603756/; classtype:trojan-activity;sid:84466856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazeel"; depth:13; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603757/; classtype:trojan-activity;sid:84466857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603758/; classtype:trojan-activity;sid:84466858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603759/; classtype:trojan-activity;sid:84466859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603760/; classtype:trojan-activity;sid:84466860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazeel"; depth:13; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603761/; classtype:trojan-activity;sid:84466861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603762/; classtype:trojan-activity;sid:84466862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603763/; classtype:trojan-activity;sid:84466863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603764/; classtype:trojan-activity;sid:84466864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k-68xxx"; depth:11; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603765/; classtype:trojan-activity;sid:84466865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-750d"; depth:11; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603766/; classtype:trojan-activity;sid:84466866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603767/; classtype:trojan-activity;sid:84466867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603768/; classtype:trojan-activity;sid:84466868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86-64"; depth:7; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603769/; classtype:trojan-activity;sid:84466869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh-sh4"; depth:7; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603770/; classtype:trojan-activity;sid:84466870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603771/; classtype:trojan-activity;sid:84466871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603772/; classtype:trojan-activity;sid:84466872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh-sh4"; depth:7; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603773/; classtype:trojan-activity;sid:84466873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603774/; classtype:trojan-activity;sid:84466874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603775/; classtype:trojan-activity;sid:84466875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603776/; classtype:trojan-activity;sid:84466876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603777/; classtype:trojan-activity;sid:84466877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k-68xxx"; depth:11; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603778/; classtype:trojan-activity;sid:84466878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603779/; classtype:trojan-activity;sid:84466879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazebe"; depth:13; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603780/; classtype:trojan-activity;sid:84466880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603781/; classtype:trojan-activity;sid:84466881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazeel"; depth:13; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603782/; classtype:trojan-activity;sid:84466882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-hs38"; depth:11; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603783/; classtype:trojan-activity;sid:84466883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603784/; classtype:trojan-activity;sid:84466884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazeel"; depth:13; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603785/; classtype:trojan-activity;sid:84466885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603755/; classtype:trojan-activity;sid:84466855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603754/; classtype:trojan-activity;sid:84466854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603750/; classtype:trojan-activity;sid:84466850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603751/; classtype:trojan-activity;sid:84466851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603752/; classtype:trojan-activity;sid:84466852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603753/; classtype:trojan-activity;sid:84466853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603749/; classtype:trojan-activity;sid:84466849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64be"; depth:10; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603747/; classtype:trojan-activity;sid:84466847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64be"; depth:10; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603748/; classtype:trojan-activity;sid:84466848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"autoconfig.mestierecolombia.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603742/; classtype:trojan-activity;sid:84466842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603743/; classtype:trojan-activity;sid:84466843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603744/; classtype:trojan-activity;sid:84466844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"mail.mestierecolombia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603745/; classtype:trojan-activity;sid:84466845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"turkishzenci.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603746/; classtype:trojan-activity;sid:84466846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"autodiscover.mestierecolombia.com"; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603741/; classtype:trojan-activity;sid:84466841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.11.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603740/; classtype:trojan-activity;sid:84466840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.146.245.245"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603739/; classtype:trojan-activity;sid:84466839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.6.151.111"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603737/; classtype:trojan-activity;sid:84466837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.sh"; depth:6; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603738/; classtype:trojan-activity;sid:84466838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k-68xxx"; depth:11; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603732/; classtype:trojan-activity;sid:84466832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazebe"; depth:13; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603733/; classtype:trojan-activity;sid:84466833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-hs38"; depth:11; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603734/; classtype:trojan-activity;sid:84466834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microblazeel"; depth:13; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603735/; classtype:trojan-activity;sid:84466835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64be"; depth:10; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603736/; classtype:trojan-activity;sid:84466836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcle-750d"; depth:11; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603731/; classtype:trojan-activity;sid:84466831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh-sh4"; depth:7; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603726/; classtype:trojan-activity;sid:84466826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603727/; classtype:trojan-activity;sid:84466827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86-64"; depth:7; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603728/; classtype:trojan-activity;sid:84466828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603729/; classtype:trojan-activity;sid:84466829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.dbg"; depth:11; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603730/; classtype:trojan-activity;sid:84466830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.115.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603725/; classtype:trojan-activity;sid:84466825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603724/; classtype:trojan-activity;sid:84466824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.83.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603723/; classtype:trojan-activity;sid:84466823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.6.151.111"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603722/; classtype:trojan-activity;sid:84466822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603721/; classtype:trojan-activity;sid:84466821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.112.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603720/; classtype:trojan-activity;sid:84466820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.147.11"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603719/; classtype:trojan-activity;sid:84466819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603718/; classtype:trojan-activity;sid:84466818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.211.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603717/; classtype:trojan-activity;sid:84466817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.111.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603716/; classtype:trojan-activity;sid:84466816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.67.110"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603715/; classtype:trojan-activity;sid:84466815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.152.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603714/; classtype:trojan-activity;sid:84466814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.83.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603713/; classtype:trojan-activity;sid:84466813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.85.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603712/; classtype:trojan-activity;sid:84466812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.243.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603711/; classtype:trojan-activity;sid:84466811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603710/; classtype:trojan-activity;sid:84466810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.147.11"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603709/; classtype:trojan-activity;sid:84466809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.111.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603708/; classtype:trojan-activity;sid:84466808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.152.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603707/; classtype:trojan-activity;sid:84466807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.181.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603706/; classtype:trojan-activity;sid:84466806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.67.110"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603705/; classtype:trojan-activity;sid:84466805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.85.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603704/; classtype:trojan-activity;sid:84466804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603702/; classtype:trojan-activity;sid:84466802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603703/; classtype:trojan-activity;sid:84466803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603701/; classtype:trojan-activity;sid:84466801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603698/; classtype:trojan-activity;sid:84466798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603699/; classtype:trojan-activity;sid:84466799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603700/; classtype:trojan-activity;sid:84466800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603697/; classtype:trojan-activity;sid:84466797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603690/; classtype:trojan-activity;sid:84466790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603691/; classtype:trojan-activity;sid:84466791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603692/; classtype:trojan-activity;sid:84466792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603693/; classtype:trojan-activity;sid:84466793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603694/; classtype:trojan-activity;sid:84466794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603695/; classtype:trojan-activity;sid:84466795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"89.213.174.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603696/; classtype:trojan-activity;sid:84466796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603689/; classtype:trojan-activity;sid:84466789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.115.247"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603688/; classtype:trojan-activity;sid:84466788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.244.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603687/; classtype:trojan-activity;sid:84466787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.133.100"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603686/; classtype:trojan-activity;sid:84466786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.107.166"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603684/; classtype:trojan-activity;sid:84466784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.98.145"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603685/; classtype:trojan-activity;sid:84466785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.35.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603683/; classtype:trojan-activity;sid:84466783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.12.165"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603682/; classtype:trojan-activity;sid:84466782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.161.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603681/; classtype:trojan-activity;sid:84466781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.53.131"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603680/; classtype:trojan-activity;sid:84466780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.154.118.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603679/; classtype:trojan-activity;sid:84466779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.211.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603678/; classtype:trojan-activity;sid:84466778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603677/; classtype:trojan-activity;sid:84466777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.53.131"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603676/; classtype:trojan-activity;sid:84466776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.77.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603675/; classtype:trojan-activity;sid:84466775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.191.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603674/; classtype:trojan-activity;sid:84466774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.154.118.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603673/; classtype:trojan-activity;sid:84466773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603672/; classtype:trojan-activity;sid:84466772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603671/; classtype:trojan-activity;sid:84466771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.77.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603670/; classtype:trojan-activity;sid:84466770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.191.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603669/; classtype:trojan-activity;sid:84466769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603668/; classtype:trojan-activity;sid:84466768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.85.61.196"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603667/; classtype:trojan-activity;sid:84466767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.246.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603666/; classtype:trojan-activity;sid:84466766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.31.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603665/; classtype:trojan-activity;sid:84466765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.224.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603664/; classtype:trojan-activity;sid:84466764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.129.115"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603663/; classtype:trojan-activity;sid:84466763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.250.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603662/; classtype:trojan-activity;sid:84466762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.201.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603661/; classtype:trojan-activity;sid:84466761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.107.116"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603660/; classtype:trojan-activity;sid:84466760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.224.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603659/; classtype:trojan-activity;sid:84466759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.136.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603658/; classtype:trojan-activity;sid:84466758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.30.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603657/; classtype:trojan-activity;sid:84466757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.250.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603656/; classtype:trojan-activity;sid:84466756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.246.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603655/; classtype:trojan-activity;sid:84466755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.136.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603654/; classtype:trojan-activity;sid:84466754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.160.171.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603653/; classtype:trojan-activity;sid:84466753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.0.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603652/; classtype:trojan-activity;sid:84466752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.201.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603651/; classtype:trojan-activity;sid:84466751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.179.22"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603650/; classtype:trojan-activity;sid:84466750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.81.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603649/; classtype:trojan-activity;sid:84466749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603648/; classtype:trojan-activity;sid:84466748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.162.39.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603647/; classtype:trojan-activity;sid:84466747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.181.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603646/; classtype:trojan-activity;sid:84466746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.5.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603645/; classtype:trojan-activity;sid:84466745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603644/; classtype:trojan-activity;sid:84466744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.208.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603643/; classtype:trojan-activity;sid:84466743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.54.197"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603642/; classtype:trojan-activity;sid:84466742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.200.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603641/; classtype:trojan-activity;sid:84466741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.83.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603640/; classtype:trojan-activity;sid:84466740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.81.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603639/; classtype:trojan-activity;sid:84466739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603638/; classtype:trojan-activity;sid:84466738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.208.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603637/; classtype:trojan-activity;sid:84466737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.83.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603636/; classtype:trojan-activity;sid:84466736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.68.216"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603635/; classtype:trojan-activity;sid:84466735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.141.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603633/; classtype:trojan-activity;sid:84466733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.5.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603634/; classtype:trojan-activity;sid:84466734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603632/; classtype:trojan-activity;sid:84466732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.10.169"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603631/; classtype:trojan-activity;sid:84466731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.211.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603630/; classtype:trojan-activity;sid:84466730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603629/; classtype:trojan-activity;sid:84466729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.139.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603628/; classtype:trojan-activity;sid:84466728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603626/; classtype:trojan-activity;sid:84466726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.136.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603627/; classtype:trojan-activity;sid:84466727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.7.205"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603625/; classtype:trojan-activity;sid:84466725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.95.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603624/; classtype:trojan-activity;sid:84466724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.10.169"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603623/; classtype:trojan-activity;sid:84466723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.114.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603622/; classtype:trojan-activity;sid:84466722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.114.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603621/; classtype:trojan-activity;sid:84466721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.211.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603620/; classtype:trojan-activity;sid:84466720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.136.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603619/; classtype:trojan-activity;sid:84466719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.130.108"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603618/; classtype:trojan-activity;sid:84466718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.93.95.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603617/; classtype:trojan-activity;sid:84466717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.199.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603616/; classtype:trojan-activity;sid:84466716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.139.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603615/; classtype:trojan-activity;sid:84466715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.89.100.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603614/; classtype:trojan-activity;sid:84466714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.14.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603613/; classtype:trojan-activity;sid:84466713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.137.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603612/; classtype:trojan-activity;sid:84466712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603610/; classtype:trojan-activity;sid:84466710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603611/; classtype:trojan-activity;sid:84466711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603609/; classtype:trojan-activity;sid:84466709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603606/; classtype:trojan-activity;sid:84466706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603607/; classtype:trojan-activity;sid:84466707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"121.127.231.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603608/; classtype:trojan-activity;sid:84466708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603595/; classtype:trojan-activity;sid:84466695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603596/; classtype:trojan-activity;sid:84466696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603597/; classtype:trojan-activity;sid:84466697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603598/; classtype:trojan-activity;sid:84466698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603599/; classtype:trojan-activity;sid:84466699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603600/; classtype:trojan-activity;sid:84466700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603601/; classtype:trojan-activity;sid:84466701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603602/; classtype:trojan-activity;sid:84466702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603603/; classtype:trojan-activity;sid:84466703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603604/; classtype:trojan-activity;sid:84466704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603605/; classtype:trojan-activity;sid:84466705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.130.108"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603594/; classtype:trojan-activity;sid:84466694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.114.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603593/; classtype:trojan-activity;sid:84466693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.124.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603592/; classtype:trojan-activity;sid:84466692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.192.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603591/; classtype:trojan-activity;sid:84466691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.52.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603589/; classtype:trojan-activity;sid:84466689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.200.108"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603590/; classtype:trojan-activity;sid:84466690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603588/; classtype:trojan-activity;sid:84466688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603587/; classtype:trojan-activity;sid:84466687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.222.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603586/; classtype:trojan-activity;sid:84466686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"103.67.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603585/; classtype:trojan-activity;sid:84466685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mips64"; depth:15; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603584/; classtype:trojan-activity;sid:84466684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.199.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603583/; classtype:trojan-activity;sid:84466683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_arm7"; depth:13; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603582/; classtype:trojan-activity;sid:84466682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt10"; depth:7; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603579/; classtype:trojan-activity;sid:84466679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.156.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603580/; classtype:trojan-activity;sid:84466680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603581/; classtype:trojan-activity;sid:84466681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mips64_softfloat"; depth:25; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603573/; classtype:trojan-activity;sid:84466673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603574/; classtype:trojan-activity;sid:84466674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_arm5"; depth:13; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603575/; classtype:trojan-activity;sid:84466675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603576/; classtype:trojan-activity;sid:84466676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603577/; classtype:trojan-activity;sid:84466677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603578/; classtype:trojan-activity;sid:84466678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt7"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603568/; classtype:trojan-activity;sid:84466668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.33.79"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603569/; classtype:trojan-activity;sid:84466669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt1"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603570/; classtype:trojan-activity;sid:84466670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603571/; classtype:trojan-activity;sid:84466671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603572/; classtype:trojan-activity;sid:84466672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603564/; classtype:trojan-activity;sid:84466664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mipsel_softfloat"; depth:25; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603565/; classtype:trojan-activity;sid:84466665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603566/; classtype:trojan-activity;sid:84466666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603567/; classtype:trojan-activity;sid:84466667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603554/; classtype:trojan-activity;sid:84466654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603555/; classtype:trojan-activity;sid:84466655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603556/; classtype:trojan-activity;sid:84466656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"2-7smhsud1cgid1ti7.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603557/; classtype:trojan-activity;sid:84466657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603558/; classtype:trojan-activity;sid:84466658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603559/; classtype:trojan-activity;sid:84466659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603560/; classtype:trojan-activity;sid:84466660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"2-7smhsud1cgid1ti7.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603561/; classtype:trojan-activity;sid:84466661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"5-bkywlqbncj6bgnx7.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603562/; classtype:trojan-activity;sid:84466662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603563/; classtype:trojan-activity;sid:84466663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603546/; classtype:trojan-activity;sid:84466646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"4-foiqag7r50tqmfjf.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603547/; classtype:trojan-activity;sid:84466647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603548/; classtype:trojan-activity;sid:84466648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603549/; classtype:trojan-activity;sid:84466649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603550/; classtype:trojan-activity;sid:84466650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603551/; classtype:trojan-activity;sid:84466651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603552/; classtype:trojan-activity;sid:84466652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mipsel"; depth:15; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603553/; classtype:trojan-activity;sid:84466653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603542/; classtype:trojan-activity;sid:84466642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603543/; classtype:trojan-activity;sid:84466643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603544/; classtype:trojan-activity;sid:84466644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mips64el"; depth:17; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603545/; classtype:trojan-activity;sid:84466645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_arm64"; depth:14; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603540/; classtype:trojan-activity;sid:84466640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.124.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603541/; classtype:trojan-activity;sid:84466641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603539/; classtype:trojan-activity;sid:84466639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mips_softfloat"; depth:23; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603538/; classtype:trojan-activity;sid:84466638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603532/; classtype:trojan-activity;sid:84466632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603533/; classtype:trojan-activity;sid:84466633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603534/; classtype:trojan-activity;sid:84466634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt6"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603535/; classtype:trojan-activity;sid:84466635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603536/; classtype:trojan-activity;sid:84466636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_ppc64"; depth:14; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603537/; classtype:trojan-activity;sid:84466637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/s.sh"; depth:7; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603525/; classtype:trojan-activity;sid:84466625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt4"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603526/; classtype:trojan-activity;sid:84466626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603527/; classtype:trojan-activity;sid:84466627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt2"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603528/; classtype:trojan-activity;sid:84466628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603529/; classtype:trojan-activity;sid:84466629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603530/; classtype:trojan-activity;sid:84466630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt12"; depth:7; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603531/; classtype:trojan-activity;sid:84466631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603524/; classtype:trojan-activity;sid:84466624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.sh"; depth:5; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603521/; classtype:trojan-activity;sid:84466621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_amd64"; depth:14; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603522/; classtype:trojan-activity;sid:84466622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603523/; classtype:trojan-activity;sid:84466623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603503/; classtype:trojan-activity;sid:84466603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mips64el_softfloat"; depth:27; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603504/; classtype:trojan-activity;sid:84466604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt8"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603505/; classtype:trojan-activity;sid:84466605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt5"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603506/; classtype:trojan-activity;sid:84466606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603507/; classtype:trojan-activity;sid:84466607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603508/; classtype:trojan-activity;sid:84466608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603509/; classtype:trojan-activity;sid:84466609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_ppc64el"; depth:16; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603510/; classtype:trojan-activity;sid:84466610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_mips"; depth:13; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603511/; classtype:trojan-activity;sid:84466611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_arm6"; depth:13; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603512/; classtype:trojan-activity;sid:84466612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603513/; classtype:trojan-activity;sid:84466613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603514/; classtype:trojan-activity;sid:84466614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603515/; classtype:trojan-activity;sid:84466615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603516/; classtype:trojan-activity;sid:84466616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"5-bkywlqbncj6bgnx7.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603517/; classtype:trojan-activity;sid:84466617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"3-vth7ovy61jx3rw81.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603518/; classtype:trojan-activity;sid:84466618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"4-foiqag7r50tqmfjf.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603519/; classtype:trojan-activity;sid:84466619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"1-x0puwht74wwurxbd.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603520/; classtype:trojan-activity;sid:84466620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603497/; classtype:trojan-activity;sid:84466597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603498/; classtype:trojan-activity;sid:84466598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/linux_386"; depth:12; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603499/; classtype:trojan-activity;sid:84466599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"3-vth7ovy61jx3rw81.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603500/; classtype:trojan-activity;sid:84466600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/kt3"; depth:6; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603501/; classtype:trojan-activity;sid:84466601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"1-x0puwht74wwurxbd.izumisv1.cc"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603502/; classtype:trojan-activity;sid:84466602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603492/; classtype:trojan-activity;sid:84466592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603493/; classtype:trojan-activity;sid:84466593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603494/; classtype:trojan-activity;sid:84466594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603495/; classtype:trojan-activity;sid:84466595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603496/; classtype:trojan-activity;sid:84466596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.txt"; depth:6; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603490/; classtype:trojan-activity;sid:84466590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"nl-02.fusiora.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603491/; classtype:trojan-activity;sid:84466591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603489/; classtype:trojan-activity;sid:84466589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603486/; classtype:trojan-activity;sid:84466586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kt1"; depth:4; endswith; nocase; http.host; content:"144.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603487/; classtype:trojan-activity;sid:84466587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603488/; classtype:trojan-activity;sid:84466588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"82.22.200.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603485/; classtype:trojan-activity;sid:84466585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603475/; classtype:trojan-activity;sid:84466575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603476/; classtype:trojan-activity;sid:84466576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603477/; classtype:trojan-activity;sid:84466577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603478/; classtype:trojan-activity;sid:84466578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603479/; classtype:trojan-activity;sid:84466579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603480/; classtype:trojan-activity;sid:84466580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"89.35.130.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603481/; classtype:trojan-activity;sid:84466581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603482/; classtype:trojan-activity;sid:84466582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603483/; classtype:trojan-activity;sid:84466583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603484/; classtype:trojan-activity;sid:84466584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"178.215.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603474/; classtype:trojan-activity;sid:84466574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603467/; classtype:trojan-activity;sid:84466567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603468/; classtype:trojan-activity;sid:84466568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603469/; classtype:trojan-activity;sid:84466569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603470/; classtype:trojan-activity;sid:84466570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603471/; classtype:trojan-activity;sid:84466571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603472/; classtype:trojan-activity;sid:84466572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603473/; classtype:trojan-activity;sid:84466573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603464/; classtype:trojan-activity;sid:84466564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603465/; classtype:trojan-activity;sid:84466565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603466/; classtype:trojan-activity;sid:84466566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603463/; classtype:trojan-activity;sid:84466563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603451/; classtype:trojan-activity;sid:84466551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603452/; classtype:trojan-activity;sid:84466552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603453/; classtype:trojan-activity;sid:84466553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603454/; classtype:trojan-activity;sid:84466554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603455/; classtype:trojan-activity;sid:84466555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603456/; classtype:trojan-activity;sid:84466556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603457/; classtype:trojan-activity;sid:84466557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603458/; classtype:trojan-activity;sid:84466558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603459/; classtype:trojan-activity;sid:84466559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603460/; classtype:trojan-activity;sid:84466560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603461/; classtype:trojan-activity;sid:84466561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603462/; classtype:trojan-activity;sid:84466562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603450/; classtype:trojan-activity;sid:84466550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603447/; classtype:trojan-activity;sid:84466547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603448/; classtype:trojan-activity;sid:84466548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603449/; classtype:trojan-activity;sid:84466549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603438/; classtype:trojan-activity;sid:84466538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603439/; classtype:trojan-activity;sid:84466539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603440/; classtype:trojan-activity;sid:84466540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603441/; classtype:trojan-activity;sid:84466541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603442/; classtype:trojan-activity;sid:84466542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603443/; classtype:trojan-activity;sid:84466543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603444/; classtype:trojan-activity;sid:84466544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603445/; classtype:trojan-activity;sid:84466545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603446/; classtype:trojan-activity;sid:84466546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603431/; classtype:trojan-activity;sid:84466531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603432/; classtype:trojan-activity;sid:84466532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603433/; classtype:trojan-activity;sid:84466533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603434/; classtype:trojan-activity;sid:84466534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603435/; classtype:trojan-activity;sid:84466535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603436/; classtype:trojan-activity;sid:84466536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603437/; classtype:trojan-activity;sid:84466537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603423/; classtype:trojan-activity;sid:84466523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603424/; classtype:trojan-activity;sid:84466524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603425/; classtype:trojan-activity;sid:84466525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603426/; classtype:trojan-activity;sid:84466526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603427/; classtype:trojan-activity;sid:84466527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603428/; classtype:trojan-activity;sid:84466528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603429/; classtype:trojan-activity;sid:84466529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603430/; classtype:trojan-activity;sid:84466530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603419/; classtype:trojan-activity;sid:84466519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603420/; classtype:trojan-activity;sid:84466520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603421/; classtype:trojan-activity;sid:84466521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603422/; classtype:trojan-activity;sid:84466522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603418/; classtype:trojan-activity;sid:84466518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603417/; classtype:trojan-activity;sid:84466517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603404/; classtype:trojan-activity;sid:84466504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603405/; classtype:trojan-activity;sid:84466505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603406/; classtype:trojan-activity;sid:84466506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603407/; classtype:trojan-activity;sid:84466507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603408/; classtype:trojan-activity;sid:84466508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603409/; classtype:trojan-activity;sid:84466509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603410/; classtype:trojan-activity;sid:84466510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603411/; classtype:trojan-activity;sid:84466511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603412/; classtype:trojan-activity;sid:84466512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603413/; classtype:trojan-activity;sid:84466513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603414/; classtype:trojan-activity;sid:84466514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603415/; classtype:trojan-activity;sid:84466515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603416/; classtype:trojan-activity;sid:84466516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603388/; classtype:trojan-activity;sid:84466488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603389/; classtype:trojan-activity;sid:84466489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603390/; classtype:trojan-activity;sid:84466490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603391/; classtype:trojan-activity;sid:84466491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603392/; classtype:trojan-activity;sid:84466492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603393/; classtype:trojan-activity;sid:84466493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603394/; classtype:trojan-activity;sid:84466494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603395/; classtype:trojan-activity;sid:84466495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603396/; classtype:trojan-activity;sid:84466496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603397/; classtype:trojan-activity;sid:84466497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603398/; classtype:trojan-activity;sid:84466498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603399/; classtype:trojan-activity;sid:84466499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603400/; classtype:trojan-activity;sid:84466500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603401/; classtype:trojan-activity;sid:84466501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603402/; classtype:trojan-activity;sid:84466502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603403/; classtype:trojan-activity;sid:84466503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603386/; classtype:trojan-activity;sid:84466486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603387/; classtype:trojan-activity;sid:84466487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603385/; classtype:trojan-activity;sid:84466485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603384/; classtype:trojan-activity;sid:84466484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603382/; classtype:trojan-activity;sid:84466482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603383/; classtype:trojan-activity;sid:84466483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603380/; classtype:trojan-activity;sid:84466480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603381/; classtype:trojan-activity;sid:84466481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603379/; classtype:trojan-activity;sid:84466479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603374/; classtype:trojan-activity;sid:84466474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603375/; classtype:trojan-activity;sid:84466475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603376/; classtype:trojan-activity;sid:84466476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603377/; classtype:trojan-activity;sid:84466477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603378/; classtype:trojan-activity;sid:84466478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603361/; classtype:trojan-activity;sid:84466461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603362/; classtype:trojan-activity;sid:84466462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603363/; classtype:trojan-activity;sid:84466463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603364/; classtype:trojan-activity;sid:84466464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603365/; classtype:trojan-activity;sid:84466465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603366/; classtype:trojan-activity;sid:84466466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603367/; classtype:trojan-activity;sid:84466467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603368/; classtype:trojan-activity;sid:84466468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603369/; classtype:trojan-activity;sid:84466469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603370/; classtype:trojan-activity;sid:84466470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603371/; classtype:trojan-activity;sid:84466471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603372/; classtype:trojan-activity;sid:84466472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603373/; classtype:trojan-activity;sid:84466473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603359/; classtype:trojan-activity;sid:84466459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603360/; classtype:trojan-activity;sid:84466460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603354/; classtype:trojan-activity;sid:84466454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603355/; classtype:trojan-activity;sid:84466455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603356/; classtype:trojan-activity;sid:84466456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603357/; classtype:trojan-activity;sid:84466457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603358/; classtype:trojan-activity;sid:84466458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603352/; classtype:trojan-activity;sid:84466452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603353/; classtype:trojan-activity;sid:84466453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603348/; classtype:trojan-activity;sid:84466448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603349/; classtype:trojan-activity;sid:84466449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603350/; classtype:trojan-activity;sid:84466450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603351/; classtype:trojan-activity;sid:84466451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603345/; classtype:trojan-activity;sid:84466445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603346/; classtype:trojan-activity;sid:84466446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603347/; classtype:trojan-activity;sid:84466447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603335/; classtype:trojan-activity;sid:84466435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603336/; classtype:trojan-activity;sid:84466436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603337/; classtype:trojan-activity;sid:84466437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603338/; classtype:trojan-activity;sid:84466438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603339/; classtype:trojan-activity;sid:84466439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603340/; classtype:trojan-activity;sid:84466440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603341/; classtype:trojan-activity;sid:84466441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603342/; classtype:trojan-activity;sid:84466442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603343/; classtype:trojan-activity;sid:84466443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603344/; classtype:trojan-activity;sid:84466444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603322/; classtype:trojan-activity;sid:84466422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603323/; classtype:trojan-activity;sid:84466423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603324/; classtype:trojan-activity;sid:84466424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"node6850.xintzy-private.pteroweb.my.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603325/; classtype:trojan-activity;sid:84466425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603326/; classtype:trojan-activity;sid:84466426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603327/; classtype:trojan-activity;sid:84466427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"node3631.xintzy-privat.vipserver.web.id"; depth:39; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603328/; classtype:trojan-activity;sid:84466428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603329/; classtype:trojan-activity;sid:84466429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"xintzy-privat.vipserver.web.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603330/; classtype:trojan-activity;sid:84466430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603331/; classtype:trojan-activity;sid:84466431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603332/; classtype:trojan-activity;sid:84466432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603333/; classtype:trojan-activity;sid:84466433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"node7508.xintzy-store.vipserver.web.id"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603334/; classtype:trojan-activity;sid:84466434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"mrst2020.mse.mcut.edu.tw"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603320/; classtype:trojan-activity;sid:84466420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"xintzy-privatee.pteroweb.my.id"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603321/; classtype:trojan-activity;sid:84466421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603318/; classtype:trojan-activity;sid:84466418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603319/; classtype:trojan-activity;sid:84466419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603315/; classtype:trojan-activity;sid:84466415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"fleek.ensuser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603316/; classtype:trojan-activity;sid:84466416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"xintzy-store.vipserver.web.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603317/; classtype:trojan-activity;sid:84466417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603311/; classtype:trojan-activity;sid:84466411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"165.22.54.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603312/; classtype:trojan-activity;sid:84466412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"xintzyhost.pteroweb.my.id"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603313/; classtype:trojan-activity;sid:84466413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"xintzy-private.pteroweb.my.id"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603314/; classtype:trojan-activity;sid:84466414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.254.205"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603310/; classtype:trojan-activity;sid:84466410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603309/; classtype:trojan-activity;sid:84466409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603308/; classtype:trojan-activity;sid:84466408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603306/; classtype:trojan-activity;sid:84466406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603307/; classtype:trojan-activity;sid:84466407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603305/; classtype:trojan-activity;sid:84466405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603304/; classtype:trojan-activity;sid:84466404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603302/; classtype:trojan-activity;sid:84466402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603303/; classtype:trojan-activity;sid:84466403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603300/; classtype:trojan-activity;sid:84466400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.130.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603301/; classtype:trojan-activity;sid:84466401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603293/; classtype:trojan-activity;sid:84466393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603294/; classtype:trojan-activity;sid:84466394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603295/; classtype:trojan-activity;sid:84466395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603296/; classtype:trojan-activity;sid:84466396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603297/; classtype:trojan-activity;sid:84466397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603298/; classtype:trojan-activity;sid:84466398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"45.156.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603299/; classtype:trojan-activity;sid:84466399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.33.79"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603292/; classtype:trojan-activity;sid:84466392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.114.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603291/; classtype:trojan-activity;sid:84466391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.78.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603290/; classtype:trojan-activity;sid:84466390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.160.171.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603289/; classtype:trojan-activity;sid:84466389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603288/; classtype:trojan-activity;sid:84466388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.166.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603287/; classtype:trojan-activity;sid:84466387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.166.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603285/; classtype:trojan-activity;sid:84466385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.156.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603286/; classtype:trojan-activity;sid:84466386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603283/; classtype:trojan-activity;sid:84466383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603284/; classtype:trojan-activity;sid:84466384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603282/; classtype:trojan-activity;sid:84466382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603281/; classtype:trojan-activity;sid:84466381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603279/; classtype:trojan-activity;sid:84466379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603280/; classtype:trojan-activity;sid:84466380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603277/; classtype:trojan-activity;sid:84466377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603278/; classtype:trojan-activity;sid:84466378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603272/; classtype:trojan-activity;sid:84466372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603273/; classtype:trojan-activity;sid:84466373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603274/; classtype:trojan-activity;sid:84466374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603275/; classtype:trojan-activity;sid:84466375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603276/; classtype:trojan-activity;sid:84466376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603270/; classtype:trojan-activity;sid:84466370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603271/; classtype:trojan-activity;sid:84466371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603266/; classtype:trojan-activity;sid:84466366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603267/; classtype:trojan-activity;sid:84466367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603268/; classtype:trojan-activity;sid:84466368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603269/; classtype:trojan-activity;sid:84466369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603265/; classtype:trojan-activity;sid:84466365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603262/; classtype:trojan-activity;sid:84466362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603263/; classtype:trojan-activity;sid:84466363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603264/; classtype:trojan-activity;sid:84466364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603259/; classtype:trojan-activity;sid:84466359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603260/; classtype:trojan-activity;sid:84466360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603261/; classtype:trojan-activity;sid:84466361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603251/; classtype:trojan-activity;sid:84466351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603252/; classtype:trojan-activity;sid:84466352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603253/; classtype:trojan-activity;sid:84466353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603254/; classtype:trojan-activity;sid:84466354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603255/; classtype:trojan-activity;sid:84466355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603256/; classtype:trojan-activity;sid:84466356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603257/; classtype:trojan-activity;sid:84466357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603258/; classtype:trojan-activity;sid:84466358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603249/; classtype:trojan-activity;sid:84466349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603250/; classtype:trojan-activity;sid:84466350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603246/; classtype:trojan-activity;sid:84466346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603247/; classtype:trojan-activity;sid:84466347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603248/; classtype:trojan-activity;sid:84466348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603243/; classtype:trojan-activity;sid:84466343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603244/; classtype:trojan-activity;sid:84466344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603245/; classtype:trojan-activity;sid:84466345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603238/; classtype:trojan-activity;sid:84466338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603239/; classtype:trojan-activity;sid:84466339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603240/; classtype:trojan-activity;sid:84466340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603241/; classtype:trojan-activity;sid:84466341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603242/; classtype:trojan-activity;sid:84466342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603234/; classtype:trojan-activity;sid:84466334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603235/; classtype:trojan-activity;sid:84466335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603236/; classtype:trojan-activity;sid:84466336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603237/; classtype:trojan-activity;sid:84466337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603233/; classtype:trojan-activity;sid:84466333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603226/; classtype:trojan-activity;sid:84466326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603227/; classtype:trojan-activity;sid:84466327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603228/; classtype:trojan-activity;sid:84466328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603229/; classtype:trojan-activity;sid:84466329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603230/; classtype:trojan-activity;sid:84466330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603231/; classtype:trojan-activity;sid:84466331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603232/; classtype:trojan-activity;sid:84466332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603225/; classtype:trojan-activity;sid:84466325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603222/; classtype:trojan-activity;sid:84466322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603223/; classtype:trojan-activity;sid:84466323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603224/; classtype:trojan-activity;sid:84466324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603209/; classtype:trojan-activity;sid:84466309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603210/; classtype:trojan-activity;sid:84466310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603211/; classtype:trojan-activity;sid:84466311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603212/; classtype:trojan-activity;sid:84466312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603213/; classtype:trojan-activity;sid:84466313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603214/; classtype:trojan-activity;sid:84466314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603215/; classtype:trojan-activity;sid:84466315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603216/; classtype:trojan-activity;sid:84466316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603217/; classtype:trojan-activity;sid:84466317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603218/; classtype:trojan-activity;sid:84466318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603219/; classtype:trojan-activity;sid:84466319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603220/; classtype:trojan-activity;sid:84466320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603221/; classtype:trojan-activity;sid:84466321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603206/; classtype:trojan-activity;sid:84466306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603207/; classtype:trojan-activity;sid:84466307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603208/; classtype:trojan-activity;sid:84466308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603205/; classtype:trojan-activity;sid:84466305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603204/; classtype:trojan-activity;sid:84466304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.78.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603195/; classtype:trojan-activity;sid:84466295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603196/; classtype:trojan-activity;sid:84466296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603197/; classtype:trojan-activity;sid:84466297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603198/; classtype:trojan-activity;sid:84466298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603199/; classtype:trojan-activity;sid:84466299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603200/; classtype:trojan-activity;sid:84466300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603201/; classtype:trojan-activity;sid:84466301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603202/; classtype:trojan-activity;sid:84466302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603203/; classtype:trojan-activity;sid:84466303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"845918-gemini.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603192/; classtype:trojan-activity;sid:84466292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603193/; classtype:trojan-activity;sid:84466293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603194/; classtype:trojan-activity;sid:84466294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603190/; classtype:trojan-activity;sid:84466290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603191/; classtype:trojan-activity;sid:84466291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603189/; classtype:trojan-activity;sid:84466289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603187/; classtype:trojan-activity;sid:84466287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.sh4"; depth:12; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603188/; classtype:trojan-activity;sid:84466288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603185/; classtype:trojan-activity;sid:84466285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm5"; depth:13; endswith; nocase; http.host; content:"www.gov-gr.me"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603186/; classtype:trojan-activity;sid:84466286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"gov-gr.me"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603184/; classtype:trojan-activity;sid:84466284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm6"; depth:13; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603178/; classtype:trojan-activity;sid:84466278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.m68k"; depth:13; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603179/; classtype:trojan-activity;sid:84466279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mpsl"; depth:13; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603180/; classtype:trojan-activity;sid:84466280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.mips"; depth:13; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603181/; classtype:trojan-activity;sid:84466281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.spc"; depth:12; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603182/; classtype:trojan-activity;sid:84466282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm7"; depth:13; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603183/; classtype:trojan-activity;sid:84466283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.ppc"; depth:12; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603175/; classtype:trojan-activity;sid:84466275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.x86"; depth:12; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603176/; classtype:trojan-activity;sid:84466276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/akido.arm"; depth:12; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603177/; classtype:trojan-activity;sid:84466277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.130.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603174/; classtype:trojan-activity;sid:84466274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.243.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603173/; classtype:trojan-activity;sid:84466273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/konto2.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"89.221.203.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603171/; classtype:trojan-activity;sid:84466271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/konto.pdf.lnk"; depth:24; endswith; nocase; http.host; content:"89.221.203.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603172/; classtype:trojan-activity;sid:84466272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/testms.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"89.221.203.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603170/; classtype:trojan-activity;sid:84466270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"172.245.41.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603169/; classtype:trojan-activity;sid:84466269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.128.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603168/; classtype:trojan-activity;sid:84466268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"202.155.152.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603166/; classtype:trojan-activity;sid:84466266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.148.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603167/; classtype:trojan-activity;sid:84466267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.97.125.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603165/; classtype:trojan-activity;sid:84466265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"91.201.42.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603164/; classtype:trojan-activity;sid:84466264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.95.215.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603162/; classtype:trojan-activity;sid:84466262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.224.167.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603163/; classtype:trojan-activity;sid:84466263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.136.192.22"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603161/; classtype:trojan-activity;sid:84466261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.142.201.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603154/; classtype:trojan-activity;sid:84466254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.139.108.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603155/; classtype:trojan-activity;sid:84466255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.139.110.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603156/; classtype:trojan-activity;sid:84466256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.125.128.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603157/; classtype:trojan-activity;sid:84466257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.235.33.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603158/; classtype:trojan-activity;sid:84466258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.124.94.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603159/; classtype:trojan-activity;sid:84466259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.71.3.17"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603160/; classtype:trojan-activity;sid:84466260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"51.175.160.89"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603150/; classtype:trojan-activity;sid:84466250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.231.120.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603151/; classtype:trojan-activity;sid:84466251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.183.142.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603152/; classtype:trojan-activity;sid:84466252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.220.87.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603153/; classtype:trojan-activity;sid:84466253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.157.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603149/; classtype:trojan-activity;sid:84466249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.235.199.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603148/; classtype:trojan-activity;sid:84466248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.173.38.186"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603145/; classtype:trojan-activity;sid:84466245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.247.136.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603146/; classtype:trojan-activity;sid:84466246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.176.193.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603147/; classtype:trojan-activity;sid:84466247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.162.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603143/; classtype:trojan-activity;sid:84466243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.12.246.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603144/; classtype:trojan-activity;sid:84466244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.125.81.138"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603140/; classtype:trojan-activity;sid:84466240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.172.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603141/; classtype:trojan-activity;sid:84466241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.123.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603142/; classtype:trojan-activity;sid:84466242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603139/; classtype:trojan-activity;sid:84466239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603138/; classtype:trojan-activity;sid:84466238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.247.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603137/; classtype:trojan-activity;sid:84466237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.247.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603135/; classtype:trojan-activity;sid:84466235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.196"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603134/; classtype:trojan-activity;sid:84466234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.16.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603133/; classtype:trojan-activity;sid:84466233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.158.37"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603132/; classtype:trojan-activity;sid:84466232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.229.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603131/; classtype:trojan-activity;sid:84466231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.88.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603130/; classtype:trojan-activity;sid:84466230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.196"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603129/; classtype:trojan-activity;sid:84466229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.158.37"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603128/; classtype:trojan-activity;sid:84466228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.229.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603127/; classtype:trojan-activity;sid:84466227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6636784442/3ggitiu.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603126/; classtype:trojan-activity;sid:84466226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603124/; classtype:trojan-activity;sid:84466224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603125/; classtype:trojan-activity;sid:84466225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603123/; classtype:trojan-activity;sid:84466223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6868218844/7wqihha.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603121/; classtype:trojan-activity;sid:84466221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603122/; classtype:trojan-activity;sid:84466222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603119/; classtype:trojan-activity;sid:84466219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603120/; classtype:trojan-activity;sid:84466220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603118/; classtype:trojan-activity;sid:84466218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.171.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603114/; classtype:trojan-activity;sid:84466214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603115/; classtype:trojan-activity;sid:84466215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603116/; classtype:trojan-activity;sid:84466216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cert.exe"; depth:9; endswith; nocase; http.host; content:"45.141.233.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603117/; classtype:trojan-activity;sid:84466217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/887698409/skjzt8j.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603111/; classtype:trojan-activity;sid:84466211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603112/; classtype:trojan-activity;sid:84466212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603113/; classtype:trojan-activity;sid:84466213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/892962105/wckdxho.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603110/; classtype:trojan-activity;sid:84466210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603109/; classtype:trojan-activity;sid:84466209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603108/; classtype:trojan-activity;sid:84466208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603102/; classtype:trojan-activity;sid:84466202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603103/; classtype:trojan-activity;sid:84466203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603104/; classtype:trojan-activity;sid:84466204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603105/; classtype:trojan-activity;sid:84466205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603106/; classtype:trojan-activity;sid:84466206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603107/; classtype:trojan-activity;sid:84466207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603101/; classtype:trojan-activity;sid:84466201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.179.22"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603100/; classtype:trojan-activity;sid:84466200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.81.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603099/; classtype:trojan-activity;sid:84466199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.171.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603098/; classtype:trojan-activity;sid:84466198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.18.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603097/; classtype:trojan-activity;sid:84466197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603096/; classtype:trojan-activity;sid:84466196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.140.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603095/; classtype:trojan-activity;sid:84466195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.188.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603094/; classtype:trojan-activity;sid:84466194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.20.108"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603093/; classtype:trojan-activity;sid:84466193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.203.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603092/; classtype:trojan-activity;sid:84466192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.155.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603091/; classtype:trojan-activity;sid:84466191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.243.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603090/; classtype:trojan-activity;sid:84466190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.62.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603089/; classtype:trojan-activity;sid:84466189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.20.108"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603088/; classtype:trojan-activity;sid:84466188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.155.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603087/; classtype:trojan-activity;sid:84466187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.64.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603086/; classtype:trojan-activity;sid:84466186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.243.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603084/; classtype:trojan-activity;sid:84466184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.203.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603085/; classtype:trojan-activity;sid:84466185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.79.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603083/; classtype:trojan-activity;sid:84466183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.53.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603082/; classtype:trojan-activity;sid:84466182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.46.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603081/; classtype:trojan-activity;sid:84466181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.64.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603080/; classtype:trojan-activity;sid:84466180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.122.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603079/; classtype:trojan-activity;sid:84466179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603078/; classtype:trojan-activity;sid:84466178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603077/; classtype:trojan-activity;sid:84466177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603066/; classtype:trojan-activity;sid:84466166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603067/; classtype:trojan-activity;sid:84466167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603068/; classtype:trojan-activity;sid:84466168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603069/; classtype:trojan-activity;sid:84466169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603070/; classtype:trojan-activity;sid:84466170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603071/; classtype:trojan-activity;sid:84466171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603072/; classtype:trojan-activity;sid:84466172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603073/; classtype:trojan-activity;sid:84466173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603074/; classtype:trojan-activity;sid:84466174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603075/; classtype:trojan-activity;sid:84466175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603076/; classtype:trojan-activity;sid:84466176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603065/; classtype:trojan-activity;sid:84466165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603063/; classtype:trojan-activity;sid:84466163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"121.127.231.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603064/; classtype:trojan-activity;sid:84466164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603056/; classtype:trojan-activity;sid:84466156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603057/; classtype:trojan-activity;sid:84466157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603058/; classtype:trojan-activity;sid:84466158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603059/; classtype:trojan-activity;sid:84466159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"212.11.64.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603060/; classtype:trojan-activity;sid:84466160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603061/; classtype:trojan-activity;sid:84466161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"23.177.185.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603062/; classtype:trojan-activity;sid:84466162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.122.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603055/; classtype:trojan-activity;sid:84466155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genesis.js/discord.js"; depth:22; endswith; nocase; http.host; content:"akrapo7.github.io"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603054/; classtype:trojan-activity;sid:84466154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/655/ssece/verygoodbusinessruleswithbestfeatureswhatgivenyoufor________verygoodbusinessruleswithbestfeatureswhatgivenyoufor___________verygoodbusinessruleswithbestfeatureswhatgivenyoufor.doc"; depth:190; endswith; nocase; http.host; content:"107.174.34.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603053/; classtype:trojan-activity;sid:84466153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.46.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603052/; classtype:trojan-activity;sid:84466152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay.exe"; depth:8; endswith; nocase; http.host; content:"45.132.238.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603051/; classtype:trojan-activity;sid:84466151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.exe"; depth:6; endswith; nocase; http.host; content:"45.132.238.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603050/; classtype:trojan-activity;sid:84466150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603049/; classtype:trojan-activity;sid:84466149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.mpsl"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603048/; classtype:trojan-activity;sid:84466148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm7"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603047/; classtype:trojan-activity;sid:84466147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm5"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603044/; classtype:trojan-activity;sid:84466144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.mips"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603045/; classtype:trojan-activity;sid:84466145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arc"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603046/; classtype:trojan-activity;sid:84466146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.m68k"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603042/; classtype:trojan-activity;sid:84466142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.spc"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603043/; classtype:trojan-activity;sid:84466143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm6"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603038/; classtype:trojan-activity;sid:84466138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.ppc"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603039/; classtype:trojan-activity;sid:84466139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.x86"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603040/; classtype:trojan-activity;sid:84466140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.sh4"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603041/; classtype:trojan-activity;sid:84466141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/ohshit.sh"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603037/; classtype:trojan-activity;sid:84466137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.164.224"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603036/; classtype:trojan-activity;sid:84466136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/d24ce47e-cb1a-448a-997b-c94a59c5e433/wasabi-3.0.0.pkg"; depth:70; endswith; nocase; http.host; content:"store-na-phx-2.gofile.io"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603035/; classtype:trojan-activity;sid:84466135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testaccouynt/wrqerq121r/blob/main/var/www/html/ohshit.sh"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603034/; classtype:trojan-activity;sid:84466134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.254.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603033/; classtype:trojan-activity;sid:84466133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603031/; classtype:trojan-activity;sid:84466131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603032/; classtype:trojan-activity;sid:84466132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.6.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603029/; classtype:trojan-activity;sid:84466129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.230.183"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603030/; classtype:trojan-activity;sid:84466130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603025/; classtype:trojan-activity;sid:84466125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603026/; classtype:trojan-activity;sid:84466126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603027/; classtype:trojan-activity;sid:84466127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603028/; classtype:trojan-activity;sid:84466128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/hno-250648369.lnk"; depth:23; endswith; nocase; http.host; content:"23.177.184.243"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603024/; classtype:trojan-activity;sid:84466124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603023/; classtype:trojan-activity;sid:84466123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603022/; classtype:trojan-activity;sid:84466122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603010/; classtype:trojan-activity;sid:84466110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603011/; classtype:trojan-activity;sid:84466111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603012/; classtype:trojan-activity;sid:84466112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603013/; classtype:trojan-activity;sid:84466113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603014/; classtype:trojan-activity;sid:84466114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603015/; classtype:trojan-activity;sid:84466115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603016/; classtype:trojan-activity;sid:84466116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603017/; classtype:trojan-activity;sid:84466117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603018/; classtype:trojan-activity;sid:84466118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603019/; classtype:trojan-activity;sid:84466119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603020/; classtype:trojan-activity;sid:84466120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603021/; classtype:trojan-activity;sid:84466121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603000/; classtype:trojan-activity;sid:84466100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603001/; classtype:trojan-activity;sid:84466101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603002/; classtype:trojan-activity;sid:84466102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603003/; classtype:trojan-activity;sid:84466103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603004/; classtype:trojan-activity;sid:84466104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603005/; classtype:trojan-activity;sid:84466105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603006/; classtype:trojan-activity;sid:84466106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"djargish.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603007/; classtype:trojan-activity;sid:84466107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603008/; classtype:trojan-activity;sid:84466108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603009/; classtype:trojan-activity;sid:84466109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602999/; classtype:trojan-activity;sid:84466099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"chaparstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602998/; classtype:trojan-activity;sid:84466098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602997/; classtype:trojan-activity;sid:84466097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602995/; classtype:trojan-activity;sid:84466095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"160.250.136.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602996/; classtype:trojan-activity;sid:84466096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.109.169"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602993/; classtype:trojan-activity;sid:84466093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.181.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602994/; classtype:trojan-activity;sid:84466094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602990/; classtype:trojan-activity;sid:84466090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.92.60"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602991/; classtype:trojan-activity;sid:84466091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.83.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602992/; classtype:trojan-activity;sid:84466092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.254.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602987/; classtype:trojan-activity;sid:84466087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602988/; classtype:trojan-activity;sid:84466088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602989/; classtype:trojan-activity;sid:84466089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602985/; classtype:trojan-activity;sid:84466085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602986/; classtype:trojan-activity;sid:84466086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602983/; classtype:trojan-activity;sid:84466083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602984/; classtype:trojan-activity;sid:84466084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602979/; classtype:trojan-activity;sid:84466079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602980/; classtype:trojan-activity;sid:84466080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602981/; classtype:trojan-activity;sid:84466081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602982/; classtype:trojan-activity;sid:84466082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602975/; classtype:trojan-activity;sid:84466075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602976/; classtype:trojan-activity;sid:84466076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602977/; classtype:trojan-activity;sid:84466077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602978/; classtype:trojan-activity;sid:84466078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.230.183"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602974/; classtype:trojan-activity;sid:84466074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602973/; classtype:trojan-activity;sid:84466073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.17.202"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602972/; classtype:trojan-activity;sid:84466072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602970/; classtype:trojan-activity;sid:84466070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602971/; classtype:trojan-activity;sid:84466071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602969/; classtype:trojan-activity;sid:84466069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602965/; classtype:trojan-activity;sid:84466065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602966/; classtype:trojan-activity;sid:84466066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602967/; classtype:trojan-activity;sid:84466067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602968/; classtype:trojan-activity;sid:84466068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.253.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602962/; classtype:trojan-activity;sid:84466062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602963/; classtype:trojan-activity;sid:84466063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.111.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602964/; classtype:trojan-activity;sid:84466064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.17.202"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602954/; classtype:trojan-activity;sid:84466054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602955/; classtype:trojan-activity;sid:84466055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602956/; classtype:trojan-activity;sid:84466056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.13.0"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602957/; classtype:trojan-activity;sid:84466057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602958/; classtype:trojan-activity;sid:84466058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602959/; classtype:trojan-activity;sid:84466059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602960/; classtype:trojan-activity;sid:84466060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602961/; classtype:trojan-activity;sid:84466061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602953/; classtype:trojan-activity;sid:84466053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602952/; classtype:trojan-activity;sid:84466052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602951/; classtype:trojan-activity;sid:84466051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602949/; classtype:trojan-activity;sid:84466049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602950/; classtype:trojan-activity;sid:84466050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602948/; classtype:trojan-activity;sid:84466048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"tls.sevagoth.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602947/; classtype:trojan-activity;sid:84466047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.102.166.139"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602946/; classtype:trojan-activity;sid:84466046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.45.75.133"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602945/; classtype:trojan-activity;sid:84466045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.255.73"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602944/; classtype:trojan-activity;sid:84466044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.93.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602943/; classtype:trojan-activity;sid:84466043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.144.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602942/; classtype:trojan-activity;sid:84466042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.169.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602941/; classtype:trojan-activity;sid:84466041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7842229497/lmnyf1p.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602940/; classtype:trojan-activity;sid:84466040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.233.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602939/; classtype:trojan-activity;sid:84466039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.66.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602937/; classtype:trojan-activity;sid:84466037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.13.0"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602938/; classtype:trojan-activity;sid:84466038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.127.245"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602936/; classtype:trojan-activity;sid:84466036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.61.138"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602935/; classtype:trojan-activity;sid:84466035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rh.exe"; depth:7; endswith; nocase; http.host; content:"xxx-click.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602934/; classtype:trojan-activity;sid:84466034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thursdayconstraints.vbs"; depth:24; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602933/; classtype:trojan-activity;sid:84466033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruldsivul4badsr.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602932/; classtype:trojan-activity;sid:84466032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bi.js"; depth:6; endswith; nocase; http.host; content:"45.141.233.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602930/; classtype:trojan-activity;sid:84466030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b3te5tj6otjbik.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602931/; classtype:trojan-activity;sid:84466031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mi.js"; depth:6; endswith; nocase; http.host; content:"94.26.90.109"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602929/; classtype:trojan-activity;sid:84466029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oba.js"; depth:7; endswith; nocase; http.host; content:"94.26.90.109"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602928/; classtype:trojan-activity;sid:84466028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grycdq6qdnaztix.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602927/; classtype:trojan-activity;sid:84466027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j6cpnjk37bjjm7u.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602926/; classtype:trojan-activity;sid:84466026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pwqumlzvxrdywgv.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602924/; classtype:trojan-activity;sid:84466024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuesdayconstraints.vbs"; depth:23; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602925/; classtype:trojan-activity;sid:84466025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjo.js"; depth:7; endswith; nocase; http.host; content:"45.141.233.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602923/; classtype:trojan-activity;sid:84466023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.144.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602922/; classtype:trojan-activity;sid:84466022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c91kmsh9sq05mdr.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602921/; classtype:trojan-activity;sid:84466021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/wealth-98b6e.firebasestorage.app/o/uploads%2ftmp72be.txt|3f|alt=media|7c|26|7c|token=318bf2df-0bd0-4cc4-99f4-88630b25a2a6"; depth:127; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602920/; classtype:trojan-activity;sid:84466020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/179/wcb/niceskillwithbestpeoplesaroundonmebetteroptions_________niceskillwithbestpeoplesaroundonmebetteroptions__________niceskillwithbestpeoplesaroundonmebetteroptions.doc"; depth:173; endswith; nocase; http.host; content:"40.81.185.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602919/; classtype:trojan-activity;sid:84466019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.255.73"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602918/; classtype:trojan-activity;sid:84466018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.111.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602916/; classtype:trojan-activity;sid:84466016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.113.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602917/; classtype:trojan-activity;sid:84466017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/rsafdofgk.txt"; depth:18; endswith; nocase; http.host; content:"doublemanfs.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602915/; classtype:trojan-activity;sid:84466015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.97.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602914/; classtype:trojan-activity;sid:84466014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/ekosqdq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602913/; classtype:trojan-activity;sid:84466013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.247.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602912/; classtype:trojan-activity;sid:84466012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.93.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602911/; classtype:trojan-activity;sid:84466011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602910/; classtype:trojan-activity;sid:84466010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/128/agoodfriendwithbestpersoneverget.js"; depth:40; endswith; nocase; http.host; content:"107.172.132.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602909/; classtype:trojan-activity;sid:84466009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/181/bestpeoplesgreatachivermenetswithbestterpackagesgivenmegood.vbs"; depth:68; endswith; nocase; http.host; content:"40.81.185.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602907/; classtype:trojan-activity;sid:84466007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/180/seethemagicofbestpeoplesentiretimeforgivenbestthings.js"; depth:60; endswith; nocase; http.host; content:"4.255.137.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602908/; classtype:trojan-activity;sid:84466008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/115/verygoodgentlmanbehavingfoodformetogivebest.vbs"; depth:52; endswith; nocase; http.host; content:"146.185.239.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602905/; classtype:trojan-activity;sid:84466005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/187/bestpicturewithgreatpeoplesaroundthelinebestthings.vbs"; depth:59; endswith; nocase; http.host; content:"40.81.185.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602906/; classtype:trojan-activity;sid:84466006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.7.240"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602904/; classtype:trojan-activity;sid:84466004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.127.245"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602902/; classtype:trojan-activity;sid:84466002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.74.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602903/; classtype:trojan-activity;sid:84466003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_28ab16585d4a43e4b21952661f97a018.txt"; depth:45; endswith; nocase; http.host; content:"recruitmentsadd.lovestoblog.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602901/; classtype:trojan-activity;sid:84466001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_11111937d5634b1ebe5ae9dd2a32f0ce.txt"; depth:45; endswith; nocase; http.host; content:"recruitmentsadd.lovestoblog.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602900/; classtype:trojan-activity;sid:84466000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.138.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602899/; classtype:trojan-activity;sid:84465999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.exe"; depth:8; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602898/; classtype:trojan-activity;sid:84465998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.exe"; depth:11; endswith; nocase; http.host; content:"176.46.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602895/; classtype:trojan-activity;sid:84465995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.exe"; depth:11; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602896/; classtype:trojan-activity;sid:84465996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602897/; classtype:trojan-activity;sid:84465997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_201d648569ca4302a75dfe8883bc9758.txt"; depth:45; endswith; nocase; http.host; content:"fastest.ct.ws"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602894/; classtype:trojan-activity;sid:84465994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_befaaf836b2e4830a72599b6dfafe039.txt"; depth:45; endswith; nocase; http.host; content:"butty.infinityfree.me"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602893/; classtype:trojan-activity;sid:84465993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.247.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602892/; classtype:trojan-activity;sid:84465992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.113.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602891/; classtype:trojan-activity;sid:84465991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ymyct.exe"; depth:10; endswith; nocase; http.host; content:"77.237.247.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602890/; classtype:trojan-activity;sid:84465990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kp.d"; depth:5; endswith; nocase; http.host; content:"77.237.247.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602889/; classtype:trojan-activity;sid:84465989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_891811e4876e408d8bc40f9dae2e518e.txt"; depth:45; endswith; nocase; http.host; content:"radicadoscol001.infy.uk"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602888/; classtype:trojan-activity;sid:84465988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_fa47ccc0b9234a9e89d03934adc19762.txt"; depth:45; endswith; nocase; http.host; content:"radicadoscol001.infy.uk"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602887/; classtype:trojan-activity;sid:84465987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.136.6.171"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602886/; classtype:trojan-activity;sid:84465986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.37.248"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602885/; classtype:trojan-activity;sid:84465985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.30.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602884/; classtype:trojan-activity;sid:84465984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/acme-challenge/richpy/ssmtp4.zip"; depth:45; endswith; nocase; http.host; content:"ortopie.phuyufact.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602883/; classtype:trojan-activity;sid:84465983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.45.116"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602882/; classtype:trojan-activity;sid:84465982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.86.244"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602881/; classtype:trojan-activity;sid:84465981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.230.51"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602880/; classtype:trojan-activity;sid:84465980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.104"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602879/; classtype:trojan-activity;sid:84465979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.221.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602878/; classtype:trojan-activity;sid:84465978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.136.6.171"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602877/; classtype:trojan-activity;sid:84465977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hostfiles/testme2.exe"; depth:22; endswith; nocase; http.host; content:"194.62.248.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602876/; classtype:trojan-activity;sid:84465976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hostfiles/insinuatory.exe"; depth:26; endswith; nocase; http.host; content:"194.62.248.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602872/; classtype:trojan-activity;sid:84465972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hostfiles/paediatry.exe"; depth:24; endswith; nocase; http.host; content:"194.62.248.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602873/; classtype:trojan-activity;sid:84465973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hostfiles/putty.exe"; depth:20; endswith; nocase; http.host; content:"194.62.248.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602874/; classtype:trojan-activity;sid:84465974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hostfiles/reroll.scr"; depth:21; endswith; nocase; http.host; content:"194.62.248.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602875/; classtype:trojan-activity;sid:84465975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/tfrqp9wi"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602871/; classtype:trojan-activity;sid:84465971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/universe-1733359315202-8750.jpg"; depth:32; endswith; nocase; http.host; content:"serverdata-cloud.cloud"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602870/; classtype:trojan-activity;sid:84465970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.30.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602868/; classtype:trojan-activity;sid:84465968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.229.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602869/; classtype:trojan-activity;sid:84465969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/note.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602867/; classtype:trojan-activity;sid:84465967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/play.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602866/; classtype:trojan-activity;sid:84465966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/electric.bak"; depth:13; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602865/; classtype:trojan-activity;sid:84465965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legal.bak"; depth:10; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602863/; classtype:trojan-activity;sid:84465963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loan.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602864/; classtype:trojan-activity;sid:84465964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602859/; classtype:trojan-activity;sid:84465959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/direct.bak"; depth:11; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602860/; classtype:trojan-activity;sid:84465960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about.bak"; depth:10; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602861/; classtype:trojan-activity;sid:84465961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/culture.bak"; depth:12; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602862/; classtype:trojan-activity;sid:84465962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.164.224"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602858/; classtype:trojan-activity;sid:84465958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.30.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602857/; classtype:trojan-activity;sid:84465957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.230.51"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602856/; classtype:trojan-activity;sid:84465956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.59.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602855/; classtype:trojan-activity;sid:84465955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.229.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602854/; classtype:trojan-activity;sid:84465954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.24.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602853/; classtype:trojan-activity;sid:84465953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.91.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602852/; classtype:trojan-activity;sid:84465952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.sh"; depth:5; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602851/; classtype:trojan-activity;sid:84465951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnc"; depth:4; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602850/; classtype:trojan-activity;sid:84465950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.ppc"; depth:8; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602848/; classtype:trojan-activity;sid:84465948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.arm5"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602849/; classtype:trojan-activity;sid:84465949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.arm6"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602839/; classtype:trojan-activity;sid:84465939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602840/; classtype:trojan-activity;sid:84465940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.sh4"; depth:8; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602841/; classtype:trojan-activity;sid:84465941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.sh4"; depth:11; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602842/; classtype:trojan-activity;sid:84465942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan.x86"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602843/; classtype:trojan-activity;sid:84465943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.mpsl"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602844/; classtype:trojan-activity;sid:84465944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.mips"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602845/; classtype:trojan-activity;sid:84465945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.spc"; depth:11; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602846/; classtype:trojan-activity;sid:84465946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.mpsl"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602847/; classtype:trojan-activity;sid:84465947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.arm5"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602833/; classtype:trojan-activity;sid:84465933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.ppc"; depth:11; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602834/; classtype:trojan-activity;sid:84465934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.mips"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602835/; classtype:trojan-activity;sid:84465935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.arm7"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602836/; classtype:trojan-activity;sid:84465936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.arm"; depth:11; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602837/; classtype:trojan-activity;sid:84465937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.arm7"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602838/; classtype:trojan-activity;sid:84465938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.x86"; depth:11; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602832/; classtype:trojan-activity;sid:84465932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan.x32"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602827/; classtype:trojan-activity;sid:84465927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.arm6"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602828/; classtype:trojan-activity;sid:84465928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.m68k"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602829/; classtype:trojan-activity;sid:84465929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaizen.x86_64"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602830/; classtype:trojan-activity;sid:84465930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.arm"; depth:8; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602831/; classtype:trojan-activity;sid:84465931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602820/; classtype:trojan-activity;sid:84465920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602821/; classtype:trojan-activity;sid:84465921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602822/; classtype:trojan-activity;sid:84465922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/fdgsfg"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602823/; classtype:trojan-activity;sid:84465923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602824/; classtype:trojan-activity;sid:84465924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602825/; classtype:trojan-activity;sid:84465925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602826/; classtype:trojan-activity;sid:84465926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602819/; classtype:trojan-activity;sid:84465919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602804/; classtype:trojan-activity;sid:84465904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602805/; classtype:trojan-activity;sid:84465905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/debug.dbg"; depth:12; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602806/; classtype:trojan-activity;sid:84465906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602807/; classtype:trojan-activity;sid:84465907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602808/; classtype:trojan-activity;sid:84465908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/sh4"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602809/; classtype:trojan-activity;sid:84465909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602810/; classtype:trojan-activity;sid:84465910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/fb"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602811/; classtype:trojan-activity;sid:84465911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602812/; classtype:trojan-activity;sid:84465912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602813/; classtype:trojan-activity;sid:84465913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602814/; classtype:trojan-activity;sid:84465914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/toto"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602815/; classtype:trojan-activity;sid:84465915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/asd"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602816/; classtype:trojan-activity;sid:84465916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/ipc"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602817/; classtype:trojan-activity;sid:84465917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602818/; classtype:trojan-activity;sid:84465918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/b"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602801/; classtype:trojan-activity;sid:84465901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/create.py"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602802/; classtype:trojan-activity;sid:84465902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/f5"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602803/; classtype:trojan-activity;sid:84465903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/gocl"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602797/; classtype:trojan-activity;sid:84465897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602798/; classtype:trojan-activity;sid:84465898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602799/; classtype:trojan-activity;sid:84465899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/vc"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602800/; classtype:trojan-activity;sid:84465900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/w.sh"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602792/; classtype:trojan-activity;sid:84465892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/test.sh"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602793/; classtype:trojan-activity;sid:84465893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/get.sh"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602794/; classtype:trojan-activity;sid:84465894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ru.sh"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602795/; classtype:trojan-activity;sid:84465895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/ppc"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602796/; classtype:trojan-activity;sid:84465896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602785/; classtype:trojan-activity;sid:84465885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602786/; classtype:trojan-activity;sid:84465886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/linksys"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602787/; classtype:trojan-activity;sid:84465887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602788/; classtype:trojan-activity;sid:84465888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/ruck"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602789/; classtype:trojan-activity;sid:84465889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/c.sh"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602790/; classtype:trojan-activity;sid:84465890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602791/; classtype:trojan-activity;sid:84465891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvs"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602782/; classtype:trojan-activity;sid:84465882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602783/; classtype:trojan-activity;sid:84465883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602784/; classtype:trojan-activity;sid:84465884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602780/; classtype:trojan-activity;sid:84465880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/bins.sh"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602781/; classtype:trojan-activity;sid:84465881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602777/; classtype:trojan-activity;sid:84465877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602778/; classtype:trojan-activity;sid:84465878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/mips"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602779/; classtype:trojan-activity;sid:84465879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/weed"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602773/; classtype:trojan-activity;sid:84465873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/multi"; depth:8; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602774/; classtype:trojan-activity;sid:84465874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602775/; classtype:trojan-activity;sid:84465875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602776/; classtype:trojan-activity;sid:84465876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602771/; classtype:trojan-activity;sid:84465871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602772/; classtype:trojan-activity;sid:84465872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/irz"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602766/; classtype:trojan-activity;sid:84465866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602767/; classtype:trojan-activity;sid:84465867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602768/; classtype:trojan-activity;sid:84465868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602769/; classtype:trojan-activity;sid:84465869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/aaa"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602770/; classtype:trojan-activity;sid:84465870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/m68k"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602749/; classtype:trojan-activity;sid:84465849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm6"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602750/; classtype:trojan-activity;sid:84465850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/x86"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602751/; classtype:trojan-activity;sid:84465851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtz"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602752/; classtype:trojan-activity;sid:84465852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/mag"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602753/; classtype:trojan-activity;sid:84465853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/spc"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602754/; classtype:trojan-activity;sid:84465854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/xaxa"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602755/; classtype:trojan-activity;sid:84465855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/av.sh"; depth:8; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602756/; classtype:trojan-activity;sid:84465856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/bx"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602757/; classtype:trojan-activity;sid:84465857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm7"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602758/; classtype:trojan-activity;sid:84465858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/runtime"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602759/; classtype:trojan-activity;sid:84465859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602760/; classtype:trojan-activity;sid:84465860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602761/; classtype:trojan-activity;sid:84465861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602762/; classtype:trojan-activity;sid:84465862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/mpsl"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602763/; classtype:trojan-activity;sid:84465863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/lll"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602764/; classtype:trojan-activity;sid:84465864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/adb"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602765/; classtype:trojan-activity;sid:84465865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602744/; classtype:trojan-activity;sid:84465844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602745/; classtype:trojan-activity;sid:84465845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/wget.sh"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602746/; classtype:trojan-activity;sid:84465846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/x86_64"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602747/; classtype:trojan-activity;sid:84465847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602748/; classtype:trojan-activity;sid:84465848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602742/; classtype:trojan-activity;sid:84465842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz"; depth:3; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602743/; classtype:trojan-activity;sid:84465843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/z.sh"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602741/; classtype:trojan-activity;sid:84465841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602740/; classtype:trojan-activity;sid:84465840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/k.sh"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602736/; classtype:trojan-activity;sid:84465836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm5"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602737/; classtype:trojan-activity;sid:84465837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602738/; classtype:trojan-activity;sid:84465838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/jaws"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602739/; classtype:trojan-activity;sid:84465839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/g"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602732/; classtype:trojan-activity;sid:84465832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/zz"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602733/; classtype:trojan-activity;sid:84465833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/li"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602734/; classtype:trojan-activity;sid:84465834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/sdt"; depth:6; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602735/; classtype:trojan-activity;sid:84465835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.242.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602731/; classtype:trojan-activity;sid:84465831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.59.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602730/; classtype:trojan-activity;sid:84465830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.43.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602729/; classtype:trojan-activity;sid:84465829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.110.181.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602728/; classtype:trojan-activity;sid:84465828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.14.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602727/; classtype:trojan-activity;sid:84465827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.54.197"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602726/; classtype:trojan-activity;sid:84465826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602723/; classtype:trojan-activity;sid:84465823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602724/; classtype:trojan-activity;sid:84465824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602725/; classtype:trojan-activity;sid:84465825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602722/; classtype:trojan-activity;sid:84465822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602721/; classtype:trojan-activity;sid:84465821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602719/; classtype:trojan-activity;sid:84465819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602720/; classtype:trojan-activity;sid:84465820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buokxeiuengopizlhbhtfd158.bin"; depth:30; endswith; nocase; http.host; content:"galpet.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602718/; classtype:trojan-activity;sid:84465818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602716/; classtype:trojan-activity;sid:84465816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.110.181.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602717/; classtype:trojan-activity;sid:84465817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.14.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602715/; classtype:trojan-activity;sid:84465815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602714/; classtype:trojan-activity;sid:84465814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602712/; classtype:trojan-activity;sid:84465812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602713/; classtype:trojan-activity;sid:84465813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602710/; classtype:trojan-activity;sid:84465810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602711/; classtype:trojan-activity;sid:84465811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbodrjqmjmbgmjh248.bin"; depth:23; endswith; nocase; http.host; content:"galpet.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602708/; classtype:trojan-activity;sid:84465808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gwrlgbxvskdzhcgjeqmq59.bin"; depth:27; endswith; nocase; http.host; content:"galpet.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602709/; classtype:trojan-activity;sid:84465809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602707/; classtype:trojan-activity;sid:84465807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602705/; classtype:trojan-activity;sid:84465805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602706/; classtype:trojan-activity;sid:84465806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602699/; classtype:trojan-activity;sid:84465799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602700/; classtype:trojan-activity;sid:84465800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602701/; classtype:trojan-activity;sid:84465801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602702/; classtype:trojan-activity;sid:84465802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602703/; classtype:trojan-activity;sid:84465803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602704/; classtype:trojan-activity;sid:84465804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602698/; classtype:trojan-activity;sid:84465798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602691/; classtype:trojan-activity;sid:84465791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602692/; classtype:trojan-activity;sid:84465792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602693/; classtype:trojan-activity;sid:84465793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602694/; classtype:trojan-activity;sid:84465794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602695/; classtype:trojan-activity;sid:84465795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602696/; classtype:trojan-activity;sid:84465796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602697/; classtype:trojan-activity;sid:84465797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602689/; classtype:trojan-activity;sid:84465789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602690/; classtype:trojan-activity;sid:84465790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602678/; classtype:trojan-activity;sid:84465778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602679/; classtype:trojan-activity;sid:84465779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602680/; classtype:trojan-activity;sid:84465780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602681/; classtype:trojan-activity;sid:84465781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602682/; classtype:trojan-activity;sid:84465782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602683/; classtype:trojan-activity;sid:84465783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602684/; classtype:trojan-activity;sid:84465784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602685/; classtype:trojan-activity;sid:84465785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602686/; classtype:trojan-activity;sid:84465786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602687/; classtype:trojan-activity;sid:84465787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602688/; classtype:trojan-activity;sid:84465788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602676/; classtype:trojan-activity;sid:84465776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602677/; classtype:trojan-activity;sid:84465777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602674/; classtype:trojan-activity;sid:84465774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602675/; classtype:trojan-activity;sid:84465775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602668/; classtype:trojan-activity;sid:84465768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602669/; classtype:trojan-activity;sid:84465769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602670/; classtype:trojan-activity;sid:84465770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602671/; classtype:trojan-activity;sid:84465771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602672/; classtype:trojan-activity;sid:84465772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602673/; classtype:trojan-activity;sid:84465773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602667/; classtype:trojan-activity;sid:84465767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602662/; classtype:trojan-activity;sid:84465762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602663/; classtype:trojan-activity;sid:84465763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602664/; classtype:trojan-activity;sid:84465764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602665/; classtype:trojan-activity;sid:84465765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602666/; classtype:trojan-activity;sid:84465766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602659/; classtype:trojan-activity;sid:84465759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602660/; classtype:trojan-activity;sid:84465760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602661/; classtype:trojan-activity;sid:84465761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602656/; classtype:trojan-activity;sid:84465756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602657/; classtype:trojan-activity;sid:84465757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602658/; classtype:trojan-activity;sid:84465758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602655/; classtype:trojan-activity;sid:84465755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602653/; classtype:trojan-activity;sid:84465753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602654/; classtype:trojan-activity;sid:84465754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602651/; classtype:trojan-activity;sid:84465751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602652/; classtype:trojan-activity;sid:84465752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602649/; classtype:trojan-activity;sid:84465749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602650/; classtype:trojan-activity;sid:84465750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602644/; classtype:trojan-activity;sid:84465744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602645/; classtype:trojan-activity;sid:84465745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602646/; classtype:trojan-activity;sid:84465746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602647/; classtype:trojan-activity;sid:84465747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602648/; classtype:trojan-activity;sid:84465748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602637/; classtype:trojan-activity;sid:84465737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602638/; classtype:trojan-activity;sid:84465738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602639/; classtype:trojan-activity;sid:84465739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602640/; classtype:trojan-activity;sid:84465740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602641/; classtype:trojan-activity;sid:84465741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602642/; classtype:trojan-activity;sid:84465742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602643/; classtype:trojan-activity;sid:84465743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602631/; classtype:trojan-activity;sid:84465731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602632/; classtype:trojan-activity;sid:84465732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602633/; classtype:trojan-activity;sid:84465733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602634/; classtype:trojan-activity;sid:84465734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602635/; classtype:trojan-activity;sid:84465735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602636/; classtype:trojan-activity;sid:84465736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602616/; classtype:trojan-activity;sid:84465716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"849617-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602617/; classtype:trojan-activity;sid:84465717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602618/; classtype:trojan-activity;sid:84465718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602619/; classtype:trojan-activity;sid:84465719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602620/; classtype:trojan-activity;sid:84465720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602621/; classtype:trojan-activity;sid:84465721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"681492-ledger.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602622/; classtype:trojan-activity;sid:84465722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602623/; classtype:trojan-activity;sid:84465723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602624/; classtype:trojan-activity;sid:84465724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602625/; classtype:trojan-activity;sid:84465725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"845918-exodus.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602626/; classtype:trojan-activity;sid:84465726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"845918t-coinbase.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602627/; classtype:trojan-activity;sid:84465727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602628/; classtype:trojan-activity;sid:84465728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"845918-crypto.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602629/; classtype:trojan-activity;sid:84465729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"849617-binance.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602630/; classtype:trojan-activity;sid:84465730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602615/; classtype:trojan-activity;sid:84465715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602614/; classtype:trojan-activity;sid:84465714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602613/; classtype:trojan-activity;sid:84465713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"riseonid.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602612/; classtype:trojan-activity;sid:84465712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.254.205"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602611/; classtype:trojan-activity;sid:84465711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602610/; classtype:trojan-activity;sid:84465710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602609/; classtype:trojan-activity;sid:84465709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.75.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602608/; classtype:trojan-activity;sid:84465708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602595/; classtype:trojan-activity;sid:84465695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602596/; classtype:trojan-activity;sid:84465696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602597/; classtype:trojan-activity;sid:84465697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602598/; classtype:trojan-activity;sid:84465698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602599/; classtype:trojan-activity;sid:84465699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602600/; classtype:trojan-activity;sid:84465700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602601/; classtype:trojan-activity;sid:84465701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602602/; classtype:trojan-activity;sid:84465702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602603/; classtype:trojan-activity;sid:84465703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602604/; classtype:trojan-activity;sid:84465704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602605/; classtype:trojan-activity;sid:84465705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602606/; classtype:trojan-activity;sid:84465706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602607/; classtype:trojan-activity;sid:84465707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.95.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602594/; classtype:trojan-activity;sid:84465694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.247.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602593/; classtype:trojan-activity;sid:84465693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.51.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602592/; classtype:trojan-activity;sid:84465692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.0.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602591/; classtype:trojan-activity;sid:84465691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602590/; classtype:trojan-activity;sid:84465690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602567/; classtype:trojan-activity;sid:84465667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602568/; classtype:trojan-activity;sid:84465668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602569/; classtype:trojan-activity;sid:84465669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602570/; classtype:trojan-activity;sid:84465670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602571/; classtype:trojan-activity;sid:84465671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602572/; classtype:trojan-activity;sid:84465672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602573/; classtype:trojan-activity;sid:84465673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602574/; classtype:trojan-activity;sid:84465674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602575/; classtype:trojan-activity;sid:84465675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602576/; classtype:trojan-activity;sid:84465676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602577/; classtype:trojan-activity;sid:84465677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602578/; classtype:trojan-activity;sid:84465678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602579/; classtype:trojan-activity;sid:84465679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602580/; classtype:trojan-activity;sid:84465680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602581/; classtype:trojan-activity;sid:84465681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602582/; classtype:trojan-activity;sid:84465682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602583/; classtype:trojan-activity;sid:84465683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602584/; classtype:trojan-activity;sid:84465684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602585/; classtype:trojan-activity;sid:84465685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602586/; classtype:trojan-activity;sid:84465686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602587/; classtype:trojan-activity;sid:84465687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602588/; classtype:trojan-activity;sid:84465688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602589/; classtype:trojan-activity;sid:84465689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602566/; classtype:trojan-activity;sid:84465666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"121.127.231.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602565/; classtype:trojan-activity;sid:84465665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602560/; classtype:trojan-activity;sid:84465660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602561/; classtype:trojan-activity;sid:84465661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602562/; classtype:trojan-activity;sid:84465662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602563/; classtype:trojan-activity;sid:84465663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"94.142.138.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602564/; classtype:trojan-activity;sid:84465664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602558/; classtype:trojan-activity;sid:84465658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"87.121.84.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602559/; classtype:trojan-activity;sid:84465659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.131.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602557/; classtype:trojan-activity;sid:84465657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.66.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602556/; classtype:trojan-activity;sid:84465656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602555/; classtype:trojan-activity;sid:84465655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.222.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602554/; classtype:trojan-activity;sid:84465654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.247.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602553/; classtype:trojan-activity;sid:84465653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.51.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602552/; classtype:trojan-activity;sid:84465652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.0.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602551/; classtype:trojan-activity;sid:84465651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.126.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602550/; classtype:trojan-activity;sid:84465650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.19.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602549/; classtype:trojan-activity;sid:84465649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.225.113.59"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602548/; classtype:trojan-activity;sid:84465648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.173"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602547/; classtype:trojan-activity;sid:84465647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.169.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602546/; classtype:trojan-activity;sid:84465646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.113.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602545/; classtype:trojan-activity;sid:84465645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7125646839/2dfffkq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602544/; classtype:trojan-activity;sid:84465644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.225.113.59"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602543/; classtype:trojan-activity;sid:84465643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602542/; classtype:trojan-activity;sid:84465642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.61.138"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602541/; classtype:trojan-activity;sid:84465641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.22.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602540/; classtype:trojan-activity;sid:84465640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.171.45.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602539/; classtype:trojan-activity;sid:84465639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.113.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602538/; classtype:trojan-activity;sid:84465638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.19.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602537/; classtype:trojan-activity;sid:84465637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.158.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602535/; classtype:trojan-activity;sid:84465635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.42.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602536/; classtype:trojan-activity;sid:84465636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.104.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602531/; classtype:trojan-activity;sid:84465631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.100.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602532/; classtype:trojan-activity;sid:84465632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.247.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602533/; classtype:trojan-activity;sid:84465633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.47.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602534/; classtype:trojan-activity;sid:84465634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.166.214.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602528/; classtype:trojan-activity;sid:84465628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.166.214.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602529/; classtype:trojan-activity;sid:84465629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.70.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602530/; classtype:trojan-activity;sid:84465630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602527/; classtype:trojan-activity;sid:84465627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.188.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602526/; classtype:trojan-activity;sid:84465626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602525/; classtype:trojan-activity;sid:84465625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/stel1.exe"; depth:17; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602524/; classtype:trojan-activity;sid:84465624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee.rar"; depth:16; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602522/; classtype:trojan-activity;sid:84465622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/anydesk.exe"; depth:19; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602519/; classtype:trojan-activity;sid:84465619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee.exe"; depth:16; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602520/; classtype:trojan-activity;sid:84465620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/wallet-clean-check.exe"; depth:30; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602521/; classtype:trojan-activity;sid:84465621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/ak123ee.rar"; depth:19; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602518/; classtype:trojan-activity;sid:84465618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/launcherhan.exe"; depth:23; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602515/; classtype:trojan-activity;sid:84465615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee2.exe"; depth:17; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602516/; classtype:trojan-activity;sid:84465616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602517/; classtype:trojan-activity;sid:84465617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/confhmd.txt"; depth:19; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602513/; classtype:trojan-activity;sid:84465613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/runtimeborkerhan.exe"; depth:28; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602514/; classtype:trojan-activity;sid:84465614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/launcher2han.exe"; depth:24; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602511/; classtype:trojan-activity;sid:84465611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/moi2.bat"; depth:16; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602512/; classtype:trojan-activity;sid:84465612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/anyinstall.bat"; depth:22; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602510/; classtype:trojan-activity;sid:84465610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/runtimeborker2hmd.exe"; depth:29; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602509/; classtype:trojan-activity;sid:84465609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/runtimeborkerhmd.exe"; depth:28; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602508/; classtype:trojan-activity;sid:84465608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/moi2han.bat"; depth:19; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602506/; classtype:trojan-activity;sid:84465606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/netpass64.exe"; depth:21; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602507/; classtype:trojan-activity;sid:84465607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/moishan.ps1"; depth:19; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602503/; classtype:trojan-activity;sid:84465603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/network64.exe"; depth:21; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602504/; classtype:trojan-activity;sid:84465604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/anydeskbackdoor.ps1"; depth:27; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602505/; classtype:trojan-activity;sid:84465605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/moi%28old%29.bat"; depth:24; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602500/; classtype:trojan-activity;sid:84465600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/onsk.exe"; depth:16; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602501/; classtype:trojan-activity;sid:84465601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/conf2han%20-%20copie.txt"; depth:32; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602502/; classtype:trojan-activity;sid:84465602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/moi%28old%29.ps1"; depth:24; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602498/; classtype:trojan-activity;sid:84465598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/akee.ps1"; depth:16; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602499/; classtype:trojan-activity;sid:84465599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/conf2hmd.txt"; depth:20; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602496/; classtype:trojan-activity;sid:84465596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/conf2han.txt"; depth:20; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602497/; classtype:trojan-activity;sid:84465597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/mois.ps1"; depth:16; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602493/; classtype:trojan-activity;sid:84465593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/exefixer.reg"; depth:20; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602494/; classtype:trojan-activity;sid:84465594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimicr/moi.ps1"; depth:15; endswith; nocase; http.host; content:"rtost.duckdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602495/; classtype:trojan-activity;sid:84465595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.173"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602492/; classtype:trojan-activity;sid:84465592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.0.164"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602491/; classtype:trojan-activity;sid:84465591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.153.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602490/; classtype:trojan-activity;sid:84465590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602489/; classtype:trojan-activity;sid:84465589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602488/; classtype:trojan-activity;sid:84465588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanubs9420625fpdf.7z"; depth:22; endswith; nocase; http.host; content:"access.skaparade.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602487/; classtype:trojan-activity;sid:84465587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602485/; classtype:trojan-activity;sid:84465585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602486/; classtype:trojan-activity;sid:84465586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602472/; classtype:trojan-activity;sid:84465572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602473/; classtype:trojan-activity;sid:84465573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602474/; classtype:trojan-activity;sid:84465574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602475/; classtype:trojan-activity;sid:84465575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602476/; classtype:trojan-activity;sid:84465576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602477/; classtype:trojan-activity;sid:84465577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602478/; classtype:trojan-activity;sid:84465578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602479/; classtype:trojan-activity;sid:84465579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602480/; classtype:trojan-activity;sid:84465580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602481/; classtype:trojan-activity;sid:84465581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602482/; classtype:trojan-activity;sid:84465582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602483/; classtype:trojan-activity;sid:84465583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602484/; classtype:trojan-activity;sid:84465584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.10.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602468/; classtype:trojan-activity;sid:84465568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/b4iqfukeg9grma0b2rg6f/vampirv1.exe|3f|rlkey=qvy8c7przdo28hrxo5yd6nnss|7c|26|7c|st=v56mri91|7c|26|7c|dl=1"; depth:112; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602469/; classtype:trojan-activity;sid:84465569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"142.132.181.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602470/; classtype:trojan-activity;sid:84465570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"static.168.181.132.142.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602471/; classtype:trojan-activity;sid:84465571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602467/; classtype:trojan-activity;sid:84465567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.153.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602466/; classtype:trojan-activity;sid:84465566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602464/; classtype:trojan-activity;sid:84465564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.202.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602465/; classtype:trojan-activity;sid:84465565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.10.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602463/; classtype:trojan-activity;sid:84465563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.243.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602462/; classtype:trojan-activity;sid:84465562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.159.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602461/; classtype:trojan-activity;sid:84465561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.202.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602460/; classtype:trojan-activity;sid:84465560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.238.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602459/; classtype:trojan-activity;sid:84465559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.31.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602458/; classtype:trojan-activity;sid:84465558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.243.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602457/; classtype:trojan-activity;sid:84465557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.156.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602456/; classtype:trojan-activity;sid:84465556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602455/; classtype:trojan-activity;sid:84465555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.148.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602454/; classtype:trojan-activity;sid:84465554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.238.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602453/; classtype:trojan-activity;sid:84465553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.72.17"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602452/; classtype:trojan-activity;sid:84465552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.107.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602451/; classtype:trojan-activity;sid:84465551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.8.174"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602450/; classtype:trojan-activity;sid:84465550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zangraedshoong.nx"; depth:18; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602448/; classtype:trojan-activity;sid:84465548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtl120.bpl"; depth:11; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602449/; classtype:trojan-activity;sid:84465549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/backup/qsn.lim"; depth:23; endswith; nocase; http.host; content:"zwieselerwaldhaus.de"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602447/; classtype:trojan-activity;sid:84465547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpxjpibu.msi"; depth:13; endswith; nocase; http.host; content:"phone-nis-tu.club"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602446/; classtype:trojan-activity;sid:84465546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dev-cobalt.exe"; depth:15; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602444/; classtype:trojan-activity;sid:84465544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcl120.bpl"; depth:11; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602445/; classtype:trojan-activity;sid:84465545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/focus.dll"; depth:10; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602442/; classtype:trojan-activity;sid:84465542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temperature.dll"; depth:16; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602443/; classtype:trojan-activity;sid:84465543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hardwarelib.dll"; depth:16; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602439/; classtype:trojan-activity;sid:84465539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naebpesdog.dsw"; depth:15; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602440/; classtype:trojan-activity;sid:84465540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webres.dll"; depth:11; endswith; nocase; http.host; content:"95.164.53.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602441/; classtype:trojan-activity;sid:84465541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.53.219"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602438/; classtype:trojan-activity;sid:84465538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.156.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602437/; classtype:trojan-activity;sid:84465537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602436/; classtype:trojan-activity;sid:84465536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.0.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602435/; classtype:trojan-activity;sid:84465535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.190.138"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602434/; classtype:trojan-activity;sid:84465534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.151"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602433/; classtype:trojan-activity;sid:84465533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.205.194.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602432/; classtype:trojan-activity;sid:84465532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.247.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602431/; classtype:trojan-activity;sid:84465531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602430/; classtype:trojan-activity;sid:84465530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.53.219"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602429/; classtype:trojan-activity;sid:84465529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602427/; classtype:trojan-activity;sid:84465527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602428/; classtype:trojan-activity;sid:84465528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602418/; classtype:trojan-activity;sid:84465518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.powerpc"; depth:12; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602419/; classtype:trojan-activity;sid:84465519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602420/; classtype:trojan-activity;sid:84465520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i586"; depth:9; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602421/; classtype:trojan-activity;sid:84465521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv7l"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602422/; classtype:trojan-activity;sid:84465522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv6l"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602423/; classtype:trojan-activity;sid:84465523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv4l"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602424/; classtype:trojan-activity;sid:84465524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv5l"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602425/; classtype:trojan-activity;sid:84465525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"87.121.84.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602426/; classtype:trojan-activity;sid:84465526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/link"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602413/; classtype:trojan-activity;sid:84465513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602414/; classtype:trojan-activity;sid:84465514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602415/; classtype:trojan-activity;sid:84465515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/mpsl"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602416/; classtype:trojan-activity;sid:84465516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602417/; classtype:trojan-activity;sid:84465517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/m68k"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602398/; classtype:trojan-activity;sid:84465498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/sh4"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602399/; classtype:trojan-activity;sid:84465499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/mips"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602400/; classtype:trojan-activity;sid:84465500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm6"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602401/; classtype:trojan-activity;sid:84465501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/x86"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602402/; classtype:trojan-activity;sid:84465502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm5"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602403/; classtype:trojan-activity;sid:84465503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602404/; classtype:trojan-activity;sid:84465504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm7"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602405/; classtype:trojan-activity;sid:84465505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602406/; classtype:trojan-activity;sid:84465506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602407/; classtype:trojan-activity;sid:84465507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qnap"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602408/; classtype:trojan-activity;sid:84465508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/spc"; depth:9; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602409/; classtype:trojan-activity;sid:84465509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602410/; classtype:trojan-activity;sid:84465510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602411/; classtype:trojan-activity;sid:84465511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602412/; classtype:trojan-activity;sid:84465512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.249.186"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602397/; classtype:trojan-activity;sid:84465497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtimes/k/vc_redist64.exe"; depth:27; endswith; nocase; http.host; content:"split.tg"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602396/; classtype:trojan-activity;sid:84465496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/892962105/aamltar.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602394/; classtype:trojan-activity;sid:84465494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602395/; classtype:trojan-activity;sid:84465495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.exe"; depth:11; endswith; nocase; http.host; content:"fticonsulting.info"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602393/; classtype:trojan-activity;sid:84465493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/117f806a-c8e6-4a47-9712-fec6e601b579/wasabi-3.0.0.msi"; depth:70; endswith; nocase; http.host; content:"store3.gofile.io"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602392/; classtype:trojan-activity;sid:84465492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7771715588/1dlcikr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602391/; classtype:trojan-activity;sid:84465491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602375/; classtype:trojan-activity;sid:84465475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xzbyv/btc_flash.exe"; depth:20; endswith; nocase; http.host; content:"bashupload.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602376/; classtype:trojan-activity;sid:84465476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602377/; classtype:trojan-activity;sid:84465477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602378/; classtype:trojan-activity;sid:84465478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602379/; classtype:trojan-activity;sid:84465479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602380/; classtype:trojan-activity;sid:84465480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602381/; classtype:trojan-activity;sid:84465481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602382/; classtype:trojan-activity;sid:84465482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6361558956/qwcfbw4.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602383/; classtype:trojan-activity;sid:84465483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602384/; classtype:trojan-activity;sid:84465484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602385/; classtype:trojan-activity;sid:84465485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602386/; classtype:trojan-activity;sid:84465486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602387/; classtype:trojan-activity;sid:84465487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602388/; classtype:trojan-activity;sid:84465488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602389/; classtype:trojan-activity;sid:84465489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8160143117/3cxh21b.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602390/; classtype:trojan-activity;sid:84465490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weird1337/mert-ovh/blob/main/mertovh"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602374/; classtype:trojan-activity;sid:84465474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1781548144/dwcupq0.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602371/; classtype:trojan-activity;sid:84465471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7956683102/hfyugkh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602372/; classtype:trojan-activity;sid:84465472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/934727036/ymeceks.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602373/; classtype:trojan-activity;sid:84465473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.233.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602370/; classtype:trojan-activity;sid:84465470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.151"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602369/; classtype:trojan-activity;sid:84465469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.140.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602368/; classtype:trojan-activity;sid:84465468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.120.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602367/; classtype:trojan-activity;sid:84465467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.249.186"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602366/; classtype:trojan-activity;sid:84465466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.222.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602365/; classtype:trojan-activity;sid:84465465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.179.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602364/; classtype:trojan-activity;sid:84465464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.253.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602363/; classtype:trojan-activity;sid:84465463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.174.117.104"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602362/; classtype:trojan-activity;sid:84465462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.233.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602361/; classtype:trojan-activity;sid:84465461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.170.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602360/; classtype:trojan-activity;sid:84465460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.120.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602359/; classtype:trojan-activity;sid:84465459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.52.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602358/; classtype:trojan-activity;sid:84465458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.32.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602357/; classtype:trojan-activity;sid:84465457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.190.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602356/; classtype:trojan-activity;sid:84465456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.182.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602355/; classtype:trojan-activity;sid:84465455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.4"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602354/; classtype:trojan-activity;sid:84465454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.185.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602353/; classtype:trojan-activity;sid:84465453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.182.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602352/; classtype:trojan-activity;sid:84465452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.52.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602351/; classtype:trojan-activity;sid:84465451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.190.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602350/; classtype:trojan-activity;sid:84465450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602349/; classtype:trojan-activity;sid:84465449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.4"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602348/; classtype:trojan-activity;sid:84465448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.237.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602347/; classtype:trojan-activity;sid:84465447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.32.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602346/; classtype:trojan-activity;sid:84465446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602345/; classtype:trojan-activity;sid:84465445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.107.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602344/; classtype:trojan-activity;sid:84465444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.68.167"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602343/; classtype:trojan-activity;sid:84465443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.226.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602342/; classtype:trojan-activity;sid:84465442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.40.241.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602341/; classtype:trojan-activity;sid:84465441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602340/; classtype:trojan-activity;sid:84465440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.16.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602339/; classtype:trojan-activity;sid:84465439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.1.90"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602338/; classtype:trojan-activity;sid:84465438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.68.167"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602337/; classtype:trojan-activity;sid:84465437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602336/; classtype:trojan-activity;sid:84465436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.40.241.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602335/; classtype:trojan-activity;sid:84465435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.16.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602334/; classtype:trojan-activity;sid:84465434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602333/; classtype:trojan-activity;sid:84465433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.68.94.86"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602332/; classtype:trojan-activity;sid:84465432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.52.181.243"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602331/; classtype:trojan-activity;sid:84465431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.37.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602330/; classtype:trojan-activity;sid:84465430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602329/; classtype:trojan-activity;sid:84465429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.156.143.62"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602328/; classtype:trojan-activity;sid:84465428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.52.62"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602327/; classtype:trojan-activity;sid:84465427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.205.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602326/; classtype:trojan-activity;sid:84465426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.119.45.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602325/; classtype:trojan-activity;sid:84465425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.233.176"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602324/; classtype:trojan-activity;sid:84465424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.52.62"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602323/; classtype:trojan-activity;sid:84465423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602322/; classtype:trojan-activity;sid:84465422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.54"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602321/; classtype:trojan-activity;sid:84465421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.144.236"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602320/; classtype:trojan-activity;sid:84465420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.149.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602318/; classtype:trojan-activity;sid:84465418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.104.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602319/; classtype:trojan-activity;sid:84465419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602317/; classtype:trojan-activity;sid:84465417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602316/; classtype:trojan-activity;sid:84465416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.119.45.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602315/; classtype:trojan-activity;sid:84465415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.49.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602314/; classtype:trojan-activity;sid:84465414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602313/; classtype:trojan-activity;sid:84465413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.205.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602312/; classtype:trojan-activity;sid:84465412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.37.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602311/; classtype:trojan-activity;sid:84465411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.237.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602310/; classtype:trojan-activity;sid:84465410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.49.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602309/; classtype:trojan-activity;sid:84465409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.45.75.133"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602308/; classtype:trojan-activity;sid:84465408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.192.100"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602307/; classtype:trojan-activity;sid:84465407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.193.59.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602306/; classtype:trojan-activity;sid:84465406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.56.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602305/; classtype:trojan-activity;sid:84465405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"104.193.59.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602304/; classtype:trojan-activity;sid:84465404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.3.250"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602303/; classtype:trojan-activity;sid:84465403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.56.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602302/; classtype:trojan-activity;sid:84465402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.192.100"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602301/; classtype:trojan-activity;sid:84465401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.235"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602300/; classtype:trojan-activity;sid:84465400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.37.248"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602299/; classtype:trojan-activity;sid:84465399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.226.242"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602298/; classtype:trojan-activity;sid:84465398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.3.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602297/; classtype:trojan-activity;sid:84465397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.2.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602296/; classtype:trojan-activity;sid:84465396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.74.213"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602295/; classtype:trojan-activity;sid:84465395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.235"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602294/; classtype:trojan-activity;sid:84465394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.8.71"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602293/; classtype:trojan-activity;sid:84465393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.2.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602291/; classtype:trojan-activity;sid:84465391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.165.1"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602292/; classtype:trojan-activity;sid:84465392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.8.71"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602290/; classtype:trojan-activity;sid:84465390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.229.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602289/; classtype:trojan-activity;sid:84465389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.170.202.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602288/; classtype:trojan-activity;sid:84465388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.65.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602287/; classtype:trojan-activity;sid:84465387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.23.250"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602286/; classtype:trojan-activity;sid:84465386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.56.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602285/; classtype:trojan-activity;sid:84465385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.229.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602284/; classtype:trojan-activity;sid:84465384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.72.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602283/; classtype:trojan-activity;sid:84465383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.170.202.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602282/; classtype:trojan-activity;sid:84465382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.126.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602281/; classtype:trojan-activity;sid:84465381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.65.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602280/; classtype:trojan-activity;sid:84465380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.89.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602279/; classtype:trojan-activity;sid:84465379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.110.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602278/; classtype:trojan-activity;sid:84465378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.225.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602277/; classtype:trojan-activity;sid:84465377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.116.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602276/; classtype:trojan-activity;sid:84465376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.192.11"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602275/; classtype:trojan-activity;sid:84465375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.169.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602273/; classtype:trojan-activity;sid:84465373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.205.35.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602274/; classtype:trojan-activity;sid:84465374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.72.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602272/; classtype:trojan-activity;sid:84465372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.72.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602271/; classtype:trojan-activity;sid:84465371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.202.233"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602270/; classtype:trojan-activity;sid:84465370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602269/; classtype:trojan-activity;sid:84465369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602268/; classtype:trojan-activity;sid:84465368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602267/; classtype:trojan-activity;sid:84465367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602266/; classtype:trojan-activity;sid:84465366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602263/; classtype:trojan-activity;sid:84465363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602264/; classtype:trojan-activity;sid:84465364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602265/; classtype:trojan-activity;sid:84465365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602260/; classtype:trojan-activity;sid:84465360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602261/; classtype:trojan-activity;sid:84465361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602262/; classtype:trojan-activity;sid:84465362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602258/; classtype:trojan-activity;sid:84465358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"185.196.9.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602259/; classtype:trojan-activity;sid:84465359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602248/; classtype:trojan-activity;sid:84465348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602249/; classtype:trojan-activity;sid:84465349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602250/; classtype:trojan-activity;sid:84465350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602251/; classtype:trojan-activity;sid:84465351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602252/; classtype:trojan-activity;sid:84465352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602253/; classtype:trojan-activity;sid:84465353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602254/; classtype:trojan-activity;sid:84465354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602255/; classtype:trojan-activity;sid:84465355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602256/; classtype:trojan-activity;sid:84465356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602257/; classtype:trojan-activity;sid:84465357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602247/; classtype:trojan-activity;sid:84465347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.231.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602246/; classtype:trojan-activity;sid:84465346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.139.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602245/; classtype:trojan-activity;sid:84465345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.252.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602244/; classtype:trojan-activity;sid:84465344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.253.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602243/; classtype:trojan-activity;sid:84465343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.214.56.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602242/; classtype:trojan-activity;sid:84465342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.251.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602241/; classtype:trojan-activity;sid:84465341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.81.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602240/; classtype:trojan-activity;sid:84465340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.139.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602239/; classtype:trojan-activity;sid:84465339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.251.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602237/; classtype:trojan-activity;sid:84465337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.59.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602238/; classtype:trojan-activity;sid:84465338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.139.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602236/; classtype:trojan-activity;sid:84465336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.81.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602235/; classtype:trojan-activity;sid:84465335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.185.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602234/; classtype:trojan-activity;sid:84465334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.68.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602233/; classtype:trojan-activity;sid:84465333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.147.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602232/; classtype:trojan-activity;sid:84465332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.200.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602231/; classtype:trojan-activity;sid:84465331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.132.186"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602230/; classtype:trojan-activity;sid:84465330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.194.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602229/; classtype:trojan-activity;sid:84465329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.139.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602228/; classtype:trojan-activity;sid:84465328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.147.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602227/; classtype:trojan-activity;sid:84465327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.17.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602226/; classtype:trojan-activity;sid:84465326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.200.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602225/; classtype:trojan-activity;sid:84465325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602224/; classtype:trojan-activity;sid:84465324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.194.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602223/; classtype:trojan-activity;sid:84465323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.18.109"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602222/; classtype:trojan-activity;sid:84465322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.190.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602221/; classtype:trojan-activity;sid:84465321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.88.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602220/; classtype:trojan-activity;sid:84465320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.153.34.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602219/; classtype:trojan-activity;sid:84465319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.165.186.190"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602217/; classtype:trojan-activity;sid:84465317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.168.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602218/; classtype:trojan-activity;sid:84465318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602215/; classtype:trojan-activity;sid:84465315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602216/; classtype:trojan-activity;sid:84465316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602214/; classtype:trojan-activity;sid:84465314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602210/; classtype:trojan-activity;sid:84465310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602211/; classtype:trojan-activity;sid:84465311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602212/; classtype:trojan-activity;sid:84465312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602213/; classtype:trojan-activity;sid:84465313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.17.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602209/; classtype:trojan-activity;sid:84465309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.171.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602208/; classtype:trojan-activity;sid:84465308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.213.151.40"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602207/; classtype:trojan-activity;sid:84465307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.223.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602206/; classtype:trojan-activity;sid:84465306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.104"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602205/; classtype:trojan-activity;sid:84465305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602204/; classtype:trojan-activity;sid:84465304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.18.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602203/; classtype:trojan-activity;sid:84465303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.213.151.40"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602202/; classtype:trojan-activity;sid:84465302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.197.68"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602201/; classtype:trojan-activity;sid:84465301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.114.197"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602200/; classtype:trojan-activity;sid:84465300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.104"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602199/; classtype:trojan-activity;sid:84465299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.234.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602198/; classtype:trojan-activity;sid:84465298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.197.68"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602197/; classtype:trojan-activity;sid:84465297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.8.174"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602196/; classtype:trojan-activity;sid:84465296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.122.89"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602195/; classtype:trojan-activity;sid:84465295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.18.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602194/; classtype:trojan-activity;sid:84465294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.163.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602193/; classtype:trojan-activity;sid:84465293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.186.83"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602191/; classtype:trojan-activity;sid:84465291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.43"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602192/; classtype:trojan-activity;sid:84465292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.122.89"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602190/; classtype:trojan-activity;sid:84465290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.26.81.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602189/; classtype:trojan-activity;sid:84465289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.200"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602188/; classtype:trojan-activity;sid:84465288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.193.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602187/; classtype:trojan-activity;sid:84465287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.132.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602186/; classtype:trojan-activity;sid:84465286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.186.83"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602185/; classtype:trojan-activity;sid:84465285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.110.244"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602184/; classtype:trojan-activity;sid:84465284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.146.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602183/; classtype:trojan-activity;sid:84465283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.193.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602182/; classtype:trojan-activity;sid:84465282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602181/; classtype:trojan-activity;sid:84465281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.236.237"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602180/; classtype:trojan-activity;sid:84465280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.25.104.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602179/; classtype:trojan-activity;sid:84465279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.196.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602177/; classtype:trojan-activity;sid:84465277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.196.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602178/; classtype:trojan-activity;sid:84465278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.146.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602176/; classtype:trojan-activity;sid:84465276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.47.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602174/; classtype:trojan-activity;sid:84465274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602175/; classtype:trojan-activity;sid:84465275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.181.243"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602173/; classtype:trojan-activity;sid:84465273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.233.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602172/; classtype:trojan-activity;sid:84465272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.223.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602170/; classtype:trojan-activity;sid:84465270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.118.52.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602171/; classtype:trojan-activity;sid:84465271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602164/; classtype:trojan-activity;sid:84465264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602165/; classtype:trojan-activity;sid:84465265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602166/; classtype:trojan-activity;sid:84465266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602167/; classtype:trojan-activity;sid:84465267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602168/; classtype:trojan-activity;sid:84465268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm/"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602169/; classtype:trojan-activity;sid:84465269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.200.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602161/; classtype:trojan-activity;sid:84465261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.110.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602162/; classtype:trojan-activity;sid:84465262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.120.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602163/; classtype:trojan-activity;sid:84465263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602160/; classtype:trojan-activity;sid:84465260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602145/; classtype:trojan-activity;sid:84465245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602146/; classtype:trojan-activity;sid:84465246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602147/; classtype:trojan-activity;sid:84465247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602148/; classtype:trojan-activity;sid:84465248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602149/; classtype:trojan-activity;sid:84465249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602150/; classtype:trojan-activity;sid:84465250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602151/; classtype:trojan-activity;sid:84465251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602152/; classtype:trojan-activity;sid:84465252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602153/; classtype:trojan-activity;sid:84465253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602154/; classtype:trojan-activity;sid:84465254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602155/; classtype:trojan-activity;sid:84465255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602156/; classtype:trojan-activity;sid:84465256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602157/; classtype:trojan-activity;sid:84465257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602158/; classtype:trojan-activity;sid:84465258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"196.251.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602159/; classtype:trojan-activity;sid:84465259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.170.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602144/; classtype:trojan-activity;sid:84465244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.218.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602142/; classtype:trojan-activity;sid:84465242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.37.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602143/; classtype:trojan-activity;sid:84465243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602141/; classtype:trojan-activity;sid:84465241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.100.231"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602138/; classtype:trojan-activity;sid:84465238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.149.142"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602139/; classtype:trojan-activity;sid:84465239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.82.120.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602140/; classtype:trojan-activity;sid:84465240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/arm7"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602135/; classtype:trojan-activity;sid:84465235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.7.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602136/; classtype:trojan-activity;sid:84465236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.87.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602137/; classtype:trojan-activity;sid:84465237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/sh4"; depth:20; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602127/; classtype:trojan-activity;sid:84465227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/arm5"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602128/; classtype:trojan-activity;sid:84465228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/arm4"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602129/; classtype:trojan-activity;sid:84465229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/ppc"; depth:20; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602130/; classtype:trojan-activity;sid:84465230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602131/; classtype:trojan-activity;sid:84465231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/arc"; depth:20; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602132/; classtype:trojan-activity;sid:84465232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/arm6"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602133/; classtype:trojan-activity;sid:84465233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"108.170.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602134/; classtype:trojan-activity;sid:84465234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602123/; classtype:trojan-activity;sid:84465223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/mpsl"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602124/; classtype:trojan-activity;sid:84465224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/m68k"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602125/; classtype:trojan-activity;sid:84465225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/spc"; depth:20; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602126/; classtype:trojan-activity;sid:84465226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/c.sh"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602122/; classtype:trojan-activity;sid:84465222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602121/; classtype:trojan-activity;sid:84465221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602119/; classtype:trojan-activity;sid:84465219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602120/; classtype:trojan-activity;sid:84465220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.218.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602118/; classtype:trojan-activity;sid:84465218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602117/; classtype:trojan-activity;sid:84465217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602116/; classtype:trojan-activity;sid:84465216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602115/; classtype:trojan-activity;sid:84465215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602112/; classtype:trojan-activity;sid:84465212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602113/; classtype:trojan-activity;sid:84465213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602114/; classtype:trojan-activity;sid:84465214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/bins.sh"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602111/; classtype:trojan-activity;sid:84465211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/wget.sh"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602110/; classtype:trojan-activity;sid:84465210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/z.sh"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602109/; classtype:trojan-activity;sid:84465209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/asd"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602108/; classtype:trojan-activity;sid:84465208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/fdgsfg"; depth:9; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602107/; classtype:trojan-activity;sid:84465207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602106/; classtype:trojan-activity;sid:84465206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602100/; classtype:trojan-activity;sid:84465200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602101/; classtype:trojan-activity;sid:84465201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602102/; classtype:trojan-activity;sid:84465202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602103/; classtype:trojan-activity;sid:84465203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602104/; classtype:trojan-activity;sid:84465204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602105/; classtype:trojan-activity;sid:84465205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602094/; classtype:trojan-activity;sid:84465194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602095/; classtype:trojan-activity;sid:84465195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/adb"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602096/; classtype:trojan-activity;sid:84465196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/av.sh"; depth:8; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602097/; classtype:trojan-activity;sid:84465197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/test.sh"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602098/; classtype:trojan-activity;sid:84465198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/jaws"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602099/; classtype:trojan-activity;sid:84465199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602089/; classtype:trojan-activity;sid:84465189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602090/; classtype:trojan-activity;sid:84465190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602091/; classtype:trojan-activity;sid:84465191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/g"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602092/; classtype:trojan-activity;sid:84465192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/ipc"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602093/; classtype:trojan-activity;sid:84465193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/b"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602085/; classtype:trojan-activity;sid:84465185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ru.sh"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602086/; classtype:trojan-activity;sid:84465186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.170.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602087/; classtype:trojan-activity;sid:84465187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.100.231"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602088/; classtype:trojan-activity;sid:84465188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/vc"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602071/; classtype:trojan-activity;sid:84465171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/bx"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602072/; classtype:trojan-activity;sid:84465172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602073/; classtype:trojan-activity;sid:84465173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/lll"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602074/; classtype:trojan-activity;sid:84465174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602075/; classtype:trojan-activity;sid:84465175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602076/; classtype:trojan-activity;sid:84465176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602077/; classtype:trojan-activity;sid:84465177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602078/; classtype:trojan-activity;sid:84465178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/gocl"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602079/; classtype:trojan-activity;sid:84465179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602080/; classtype:trojan-activity;sid:84465180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602081/; classtype:trojan-activity;sid:84465181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q"; depth:2; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602082/; classtype:trojan-activity;sid:84465182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602083/; classtype:trojan-activity;sid:84465183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/irz"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602084/; classtype:trojan-activity;sid:84465184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602070/; classtype:trojan-activity;sid:84465170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/f5"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602057/; classtype:trojan-activity;sid:84465157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602058/; classtype:trojan-activity;sid:84465158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/sdt"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602059/; classtype:trojan-activity;sid:84465159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/aaa"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602060/; classtype:trojan-activity;sid:84465160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602061/; classtype:trojan-activity;sid:84465161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/fb"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602062/; classtype:trojan-activity;sid:84465162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/mag"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602063/; classtype:trojan-activity;sid:84465163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602064/; classtype:trojan-activity;sid:84465164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/linksys"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602065/; classtype:trojan-activity;sid:84465165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602066/; classtype:trojan-activity;sid:84465166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602067/; classtype:trojan-activity;sid:84465167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602068/; classtype:trojan-activity;sid:84465168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.250"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602069/; classtype:trojan-activity;sid:84465169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/ruck"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602054/; classtype:trojan-activity;sid:84465154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602055/; classtype:trojan-activity;sid:84465155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602056/; classtype:trojan-activity;sid:84465156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/multi"; depth:8; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602044/; classtype:trojan-activity;sid:84465144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602045/; classtype:trojan-activity;sid:84465145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602046/; classtype:trojan-activity;sid:84465146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602047/; classtype:trojan-activity;sid:84465147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602048/; classtype:trojan-activity;sid:84465148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/xaxa"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602049/; classtype:trojan-activity;sid:84465149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602050/; classtype:trojan-activity;sid:84465150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602051/; classtype:trojan-activity;sid:84465151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/toto"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602052/; classtype:trojan-activity;sid:84465152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/zz"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602053/; classtype:trojan-activity;sid:84465153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/create.py"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602031/; classtype:trojan-activity;sid:84465131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602032/; classtype:trojan-activity;sid:84465132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602033/; classtype:trojan-activity;sid:84465133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/k.sh"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602034/; classtype:trojan-activity;sid:84465134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/li"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602035/; classtype:trojan-activity;sid:84465135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/get.sh"; depth:9; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602036/; classtype:trojan-activity;sid:84465136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602037/; classtype:trojan-activity;sid:84465137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.27.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602038/; classtype:trojan-activity;sid:84465138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.87.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602039/; classtype:trojan-activity;sid:84465139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602040/; classtype:trojan-activity;sid:84465140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602041/; classtype:trojan-activity;sid:84465141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/weed"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602042/; classtype:trojan-activity;sid:84465142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/w.sh"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602043/; classtype:trojan-activity;sid:84465143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/mpsl"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602030/; classtype:trojan-activity;sid:84465130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602027/; classtype:trojan-activity;sid:84465127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm7"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602028/; classtype:trojan-activity;sid:84465128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/x86_64"; depth:9; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602029/; classtype:trojan-activity;sid:84465129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/runtime"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602025/; classtype:trojan-activity;sid:84465125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/m68k"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602026/; classtype:trojan-activity;sid:84465126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/mips"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602019/; classtype:trojan-activity;sid:84465119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm6"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602020/; classtype:trojan-activity;sid:84465120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602021/; classtype:trojan-activity;sid:84465121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/x86"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602022/; classtype:trojan-activity;sid:84465122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm7"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602023/; classtype:trojan-activity;sid:84465123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.107.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602024/; classtype:trojan-activity;sid:84465124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/sh4"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602015/; classtype:trojan-activity;sid:84465115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602016/; classtype:trojan-activity;sid:84465116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm5"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602017/; classtype:trojan-activity;sid:84465117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtz"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602018/; classtype:trojan-activity;sid:84465118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/ppc"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602009/; classtype:trojan-activity;sid:84465109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/mpsl"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602010/; classtype:trojan-activity;sid:84465110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/arm6"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602011/; classtype:trojan-activity;sid:84465111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/spc"; depth:6; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602012/; classtype:trojan-activity;sid:84465112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/mips"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602013/; classtype:trojan-activity;sid:84465113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/debug.dbg"; depth:12; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602014/; classtype:trojan-activity;sid:84465114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.250"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602008/; classtype:trojan-activity;sid:84465108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.107.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602007/; classtype:trojan-activity;sid:84465107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.27.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602006/; classtype:trojan-activity;sid:84465106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.x86_64"; depth:13; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602005/; classtype:trojan-activity;sid:84465105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp"; depth:3; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602004/; classtype:trojan-activity;sid:84465104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602003/; classtype:trojan-activity;sid:84465103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz.sh"; depth:8; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602002/; classtype:trojan-activity;sid:84465102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602001/; classtype:trojan-activity;sid:84465101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.76.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3602000/; classtype:trojan-activity;sid:84465100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm7"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601999/; classtype:trojan-activity;sid:84465099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.ppc"; depth:10; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601973/; classtype:trojan-activity;sid:84465073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601974/; classtype:trojan-activity;sid:84465074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.mips"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601975/; classtype:trojan-activity;sid:84465075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.m68k"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601976/; classtype:trojan-activity;sid:84465076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.mpsl"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601977/; classtype:trojan-activity;sid:84465077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.spc"; depth:10; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601978/; classtype:trojan-activity;sid:84465078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601979/; classtype:trojan-activity;sid:84465079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.sh4"; depth:10; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601980/; classtype:trojan-activity;sid:84465080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.133.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601981/; classtype:trojan-activity;sid:84465081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601982/; classtype:trojan-activity;sid:84465082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601983/; classtype:trojan-activity;sid:84465083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.i686"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601984/; classtype:trojan-activity;sid:84465084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601985/; classtype:trojan-activity;sid:84465085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601986/; classtype:trojan-activity;sid:84465086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arc"; depth:10; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601987/; classtype:trojan-activity;sid:84465087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601988/; classtype:trojan-activity;sid:84465088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601989/; classtype:trojan-activity;sid:84465089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601990/; classtype:trojan-activity;sid:84465090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601991/; classtype:trojan-activity;sid:84465091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601992/; classtype:trojan-activity;sid:84465092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.i686"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601993/; classtype:trojan-activity;sid:84465093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601994/; classtype:trojan-activity;sid:84465094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.21.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601995/; classtype:trojan-activity;sid:84465095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arc"; depth:10; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601996/; classtype:trojan-activity;sid:84465096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601997/; classtype:trojan-activity;sid:84465097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601998/; classtype:trojan-activity;sid:84465098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601967/; classtype:trojan-activity;sid:84465067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm"; depth:10; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601968/; classtype:trojan-activity;sid:84465068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm5"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601969/; classtype:trojan-activity;sid:84465069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm6"; depth:11; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601970/; classtype:trojan-activity;sid:84465070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601971/; classtype:trojan-activity;sid:84465071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.x86"; depth:10; endswith; nocase; http.host; content:"dudn.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601972/; classtype:trojan-activity;sid:84465072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"condiv5.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601966/; classtype:trojan-activity;sid:84465066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601964/; classtype:trojan-activity;sid:84465064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601965/; classtype:trojan-activity;sid:84465065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601962/; classtype:trojan-activity;sid:84465062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601963/; classtype:trojan-activity;sid:84465063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.110.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601960/; classtype:trojan-activity;sid:84465060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.133.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601961/; classtype:trojan-activity;sid:84465061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601958/; classtype:trojan-activity;sid:84465058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601959/; classtype:trojan-activity;sid:84465059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601956/; classtype:trojan-activity;sid:84465056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601957/; classtype:trojan-activity;sid:84465057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.83.163.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601955/; classtype:trojan-activity;sid:84465055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.73.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601951/; classtype:trojan-activity;sid:84465051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601952/; classtype:trojan-activity;sid:84465052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601953/; classtype:trojan-activity;sid:84465053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601954/; classtype:trojan-activity;sid:84465054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601949/; classtype:trojan-activity;sid:84465049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601950/; classtype:trojan-activity;sid:84465050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601945/; classtype:trojan-activity;sid:84465045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601946/; classtype:trojan-activity;sid:84465046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601947/; classtype:trojan-activity;sid:84465047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601948/; classtype:trojan-activity;sid:84465048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601933/; classtype:trojan-activity;sid:84465033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601934/; classtype:trojan-activity;sid:84465034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601935/; classtype:trojan-activity;sid:84465035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601936/; classtype:trojan-activity;sid:84465036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601937/; classtype:trojan-activity;sid:84465037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601938/; classtype:trojan-activity;sid:84465038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601939/; classtype:trojan-activity;sid:84465039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601940/; classtype:trojan-activity;sid:84465040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601941/; classtype:trojan-activity;sid:84465041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"acheminement-mr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601942/; classtype:trojan-activity;sid:84465042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601943/; classtype:trojan-activity;sid:84465043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601944/; classtype:trojan-activity;sid:84465044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601932/; classtype:trojan-activity;sid:84465032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.191.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601930/; classtype:trojan-activity;sid:84465030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o.xml"; depth:11; endswith; nocase; http.host; content:"cnnetwork.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601929/; classtype:trojan-activity;sid:84465029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.110.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601928/; classtype:trojan-activity;sid:84465028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.123.6"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601927/; classtype:trojan-activity;sid:84465027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/2117628369/tbze6v1.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601926/; classtype:trojan-activity;sid:84465026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601925/; classtype:trojan-activity;sid:84465025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601924/; classtype:trojan-activity;sid:84465024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.73.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601920/; classtype:trojan-activity;sid:84465020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601921/; classtype:trojan-activity;sid:84465021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601922/; classtype:trojan-activity;sid:84465022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601923/; classtype:trojan-activity;sid:84465023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.83.163.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601917/; classtype:trojan-activity;sid:84465017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601918/; classtype:trojan-activity;sid:84465018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601919/; classtype:trojan-activity;sid:84465019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/ohshit.sh"; depth:20; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601916/; classtype:trojan-activity;sid:84465016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.231.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601915/; classtype:trojan-activity;sid:84465015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601911/; classtype:trojan-activity;sid:84465011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601912/; classtype:trojan-activity;sid:84465012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601913/; classtype:trojan-activity;sid:84465013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601914/; classtype:trojan-activity;sid:84465014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.148.224.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601910/; classtype:trojan-activity;sid:84465010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.137.179"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601908/; classtype:trojan-activity;sid:84465008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"megaboy.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601909/; classtype:trojan-activity;sid:84465009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.109.204.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601905/; classtype:trojan-activity;sid:84465005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601906/; classtype:trojan-activity;sid:84465006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.69.61.237"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601907/; classtype:trojan-activity;sid:84465007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601902/; classtype:trojan-activity;sid:84465002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"103.191.63.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601903/; classtype:trojan-activity;sid:84465003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601904/; classtype:trojan-activity;sid:84465004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601901/; classtype:trojan-activity;sid:84465001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.221.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601900/; classtype:trojan-activity;sid:84465000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601899/; classtype:trojan-activity;sid:84464999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601897/; classtype:trojan-activity;sid:84464997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24/items/wp4096799-lost-in-space-wallpapers_20250621_1447/wp4096799-lost-in-space-wallpapers.jpg"; depth:97; endswith; nocase; http.host; content:"ia600907.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601898/; classtype:trojan-activity;sid:84464998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.44.79"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601895/; classtype:trojan-activity;sid:84464995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cv/wp4096799-lost-in-space-wallpapers.jpg"; depth:48; endswith; nocase; http.host; content:"109.230.231.17"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601896/; classtype:trojan-activity;sid:84464996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.82.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601894/; classtype:trojan-activity;sid:84464994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ireufhgf3/pay1.mp4"; depth:19; endswith; nocase; http.host; content:"update-host-one.top"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601892/; classtype:trojan-activity;sid:84464992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601893/; classtype:trojan-activity;sid:84464993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/wp4096799-lost-in-space-wallpapers_20250624/wp4096799-lost-in-space-wallpapers.jpg"; depth:92; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601891/; classtype:trojan-activity;sid:84464991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601890/; classtype:trojan-activity;sid:84464990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601889/; classtype:trojan-activity;sid:84464989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601888/; classtype:trojan-activity;sid:84464988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.82.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601884/; classtype:trojan-activity;sid:84464984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601885/; classtype:trojan-activity;sid:84464985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601886/; classtype:trojan-activity;sid:84464986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taga/image.jpg"; depth:15; endswith; nocase; http.host; content:"server-data-client-lntl.cloud"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601887/; classtype:trojan-activity;sid:84464987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/j1x0sax.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601883/; classtype:trojan-activity;sid:84464983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/timer.jquery.js"; depth:19; endswith; nocase; http.host; content:"hope2cooling.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601881/; classtype:trojan-activity;sid:84464981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601882/; classtype:trojan-activity;sid:84464982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.137.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601880/; classtype:trojan-activity;sid:84464980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.163.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601877/; classtype:trojan-activity;sid:84464977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.236.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601878/; classtype:trojan-activity;sid:84464978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.6.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601879/; classtype:trojan-activity;sid:84464979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601876/; classtype:trojan-activity;sid:84464976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.234.72.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601870/; classtype:trojan-activity;sid:84464970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.191.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601871/; classtype:trojan-activity;sid:84464971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601872/; classtype:trojan-activity;sid:84464972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6868218844/ftxmspj.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601873/; classtype:trojan-activity;sid:84464973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601874/; classtype:trojan-activity;sid:84464974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0/items/wp4096799-lost-in-space-wallpapers_20250621_1447/wp4096799-lost-in-space-wallpapers.jpg"; depth:96; endswith; nocase; http.host; content:"dn721503.ca.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601875/; classtype:trojan-activity;sid:84464975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.178.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601865/; classtype:trojan-activity;sid:84464965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601866/; classtype:trojan-activity;sid:84464966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.79.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601867/; classtype:trojan-activity;sid:84464967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.135.39"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601868/; classtype:trojan-activity;sid:84464968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601869/; classtype:trojan-activity;sid:84464969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"dash.grovespras.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601863/; classtype:trojan-activity;sid:84464963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.170.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601864/; classtype:trojan-activity;sid:84464964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/wpcvb-in-space-washpers.jpg"; depth:32; endswith; nocase; http.host; content:"doublemanfs.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601860/; classtype:trojan-activity;sid:84464960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601861/; classtype:trojan-activity;sid:84464961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601862/; classtype:trojan-activity;sid:84464962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"blog.grovespras.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601855/; classtype:trojan-activity;sid:84464955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0/items/wp4096799-lost-in-space-wallpapers_20250624_1601/wp4096799-lost-in-space-wallpapers.jpg"; depth:96; endswith; nocase; http.host; content:"dn721707.ca.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601856/; classtype:trojan-activity;sid:84464956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/download/macos/release"; depth:27; endswith; nocase; http.host; content:"kgogowfwef.live"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601857/; classtype:trojan-activity;sid:84464957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601858/; classtype:trojan-activity;sid:84464958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.97.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601859/; classtype:trojan-activity;sid:84464959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601851/; classtype:trojan-activity;sid:84464951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhnda.mp4"; depth:10; endswith; nocase; http.host; content:"wendystream.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601852/; classtype:trojan-activity;sid:84464952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.97.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601853/; classtype:trojan-activity;sid:84464953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"wp.grovespras.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601854/; classtype:trojan-activity;sid:84464954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.119.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601846/; classtype:trojan-activity;sid:84464946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601847/; classtype:trojan-activity;sid:84464947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601848/; classtype:trojan-activity;sid:84464948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601849/; classtype:trojan-activity;sid:84464949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601850/; classtype:trojan-activity;sid:84464950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.123.6"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601840/; classtype:trojan-activity;sid:84464940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601841/; classtype:trojan-activity;sid:84464941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a6919ee0-594b-4ed4-bb4e-18d0fcaaadb7"; depth:37; endswith; nocase; http.host; content:"192.227.153.89"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601842/; classtype:trojan-activity;sid:84464942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601843/; classtype:trojan-activity;sid:84464943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.235.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601844/; classtype:trojan-activity;sid:84464944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.54.73"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601845/; classtype:trojan-activity;sid:84464945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601832/; classtype:trojan-activity;sid:84464932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601833/; classtype:trojan-activity;sid:84464933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.92.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601834/; classtype:trojan-activity;sid:84464934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.22.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601835/; classtype:trojan-activity;sid:84464935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.231.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601836/; classtype:trojan-activity;sid:84464936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.108"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601837/; classtype:trojan-activity;sid:84464937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601838/; classtype:trojan-activity;sid:84464938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.83.129"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601839/; classtype:trojan-activity;sid:84464939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601828/; classtype:trojan-activity;sid:84464928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.165.186.190"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601829/; classtype:trojan-activity;sid:84464929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.23.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601830/; classtype:trojan-activity;sid:84464930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/wp4096799-lost-in-space-wallpapers_20250621_1447/wp4096799-lost-in-space-wallpapers.jpg"; depth:97; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601831/; classtype:trojan-activity;sid:84464931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6868218844/dkygknh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601823/; classtype:trojan-activity;sid:84464923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.250.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601824/; classtype:trojan-activity;sid:84464924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cb/wp4096799-lost-in-space-wallpapers.jpg"; depth:48; endswith; nocase; http.host; content:"149.154.158.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601825/; classtype:trojan-activity;sid:84464925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.234.72.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601826/; classtype:trojan-activity;sid:84464926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.32.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601827/; classtype:trojan-activity;sid:84464927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.92.60"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601819/; classtype:trojan-activity;sid:84464919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601820/; classtype:trojan-activity;sid:84464920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601821/; classtype:trojan-activity;sid:84464921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.44.79"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601822/; classtype:trojan-activity;sid:84464922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.221.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601816/; classtype:trojan-activity;sid:84464916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.122.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601817/; classtype:trojan-activity;sid:84464917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601818/; classtype:trojan-activity;sid:84464918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601809/; classtype:trojan-activity;sid:84464909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5200490-e0fd-4c27-8662-86513d2ad1ee"; depth:37; endswith; nocase; http.host; content:"192.227.153.89"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601810/; classtype:trojan-activity;sid:84464910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.80.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601811/; classtype:trojan-activity;sid:84464911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.119.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601812/; classtype:trojan-activity;sid:84464912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/68548eff54ec480011257cb7/7a32b5d0-5327-42dc-8788-ca25d7330039---wp4096799-lost-in-space-wallpapers.jpg"; depth:110; endswith; nocase; http.host; content:"cdn.tagbox.io"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601813/; classtype:trojan-activity;sid:84464913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.237.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601814/; classtype:trojan-activity;sid:84464914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.160.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601815/; classtype:trojan-activity;sid:84464915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.79.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601806/; classtype:trojan-activity;sid:84464906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.22.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601807/; classtype:trojan-activity;sid:84464907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601808/; classtype:trojan-activity;sid:84464908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28/items/wp4096799-lost-in-space-wallpapers_20250624_1601/wp4096799-lost-in-space-wallpapers.jpg"; depth:97; endswith; nocase; http.host; content:"ia801509.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601803/; classtype:trojan-activity;sid:84464903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601804/; classtype:trojan-activity;sid:84464904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.178.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601805/; classtype:trojan-activity;sid:84464905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.154.49"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601798/; classtype:trojan-activity;sid:84464898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.250.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601799/; classtype:trojan-activity;sid:84464899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.127.47"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601800/; classtype:trojan-activity;sid:84464900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.120.230"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601801/; classtype:trojan-activity;sid:84464901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/alpha_aexo.jpg"; depth:18; endswith; nocase; http.host; content:"doublemanfs.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601802/; classtype:trojan-activity;sid:84464902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.27.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601795/; classtype:trojan-activity;sid:84464895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.245.245"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601796/; classtype:trojan-activity;sid:84464896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/68548eff54ec480011257cb7/191b078a-4e57-4302-a2a0-c69c456c2a67---wp4096799-lost-in-space-wallpapers.jpg"; depth:110; endswith; nocase; http.host; content:"cdn.tagbox.io"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601797/; classtype:trojan-activity;sid:84464897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601791/; classtype:trojan-activity;sid:84464891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.9.24"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601792/; classtype:trojan-activity;sid:84464892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.27.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601793/; classtype:trojan-activity;sid:84464893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601794/; classtype:trojan-activity;sid:84464894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.135.39"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601789/; classtype:trojan-activity;sid:84464889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.235.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601790/; classtype:trojan-activity;sid:84464890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.200"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601779/; classtype:trojan-activity;sid:84464879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601780/; classtype:trojan-activity;sid:84464880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601781/; classtype:trojan-activity;sid:84464881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.109.159.183"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601782/; classtype:trojan-activity;sid:84464882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.160.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601783/; classtype:trojan-activity;sid:84464883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.22.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601784/; classtype:trojan-activity;sid:84464884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.231.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601785/; classtype:trojan-activity;sid:84464885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6175558569/etcswxz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601786/; classtype:trojan-activity;sid:84464886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8052963817/a9pkgxk.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601787/; classtype:trojan-activity;sid:84464887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601788/; classtype:trojan-activity;sid:84464888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.137.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601770/; classtype:trojan-activity;sid:84464870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.3"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601771/; classtype:trojan-activity;sid:84464871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.22.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601772/; classtype:trojan-activity;sid:84464872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.221.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601773/; classtype:trojan-activity;sid:84464873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.170.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601774/; classtype:trojan-activity;sid:84464874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.245.245"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601775/; classtype:trojan-activity;sid:84464875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.92.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601776/; classtype:trojan-activity;sid:84464876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.122.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601777/; classtype:trojan-activity;sid:84464877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.102.166.139"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601778/; classtype:trojan-activity;sid:84464878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.137.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601762/; classtype:trojan-activity;sid:84464862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.197.236"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601763/; classtype:trojan-activity;sid:84464863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.182.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601764/; classtype:trojan-activity;sid:84464864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.202.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601765/; classtype:trojan-activity;sid:84464865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.119.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601766/; classtype:trojan-activity;sid:84464866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.14.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601767/; classtype:trojan-activity;sid:84464867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.197.236"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601768/; classtype:trojan-activity;sid:84464868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601769/; classtype:trojan-activity;sid:84464869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps.exe"; depth:7; endswith; nocase; http.host; content:"192.227.153.89"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601760/; classtype:trojan-activity;sid:84464860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601761/; classtype:trojan-activity;sid:84464861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/68548eff54ec480011257cb7/354c211c-01a4-42ee-8dce-73aefb64ba15---wp4096799-lost-in-space-wallpapers.jpg"; depth:110; endswith; nocase; http.host; content:"cdn.tagbox.io"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601759/; classtype:trojan-activity;sid:84464859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24/items/wp4096799-lost-in-space-wallpapers_20250621_1447/wp4096799-lost-in-space-wallpapers.jpg"; depth:97; endswith; nocase; http.host; content:"ia800907.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601758/; classtype:trojan-activity;sid:84464858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/download/applescript|3f|tag=release"; depth:40; endswith; nocase; http.host; content:"kgogowfwef.live"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601756/; classtype:trojan-activity;sid:84464856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/download/macho|3f|tag=release"; depth:34; endswith; nocase; http.host; content:"kgogowfwef.live"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601757/; classtype:trojan-activity;sid:84464857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28/items/wp4096799-lost-in-space-wallpapers_20250624_1601/wp4096799-lost-in-space-wallpapers.jpg"; depth:97; endswith; nocase; http.host; content:"ia601509.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601751/; classtype:trojan-activity;sid:84464851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601752/; classtype:trojan-activity;sid:84464852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"s3o-cnc.ddns.net"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601753/; classtype:trojan-activity;sid:84464853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/54ca8dbd-b8fd-42e8-b67a-bfb54ccc7fa4"; depth:37; endswith; nocase; http.host; content:"192.227.153.89"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601754/; classtype:trojan-activity;sid:84464854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"185.132.53.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601755/; classtype:trojan-activity;sid:84464855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.74.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601750/; classtype:trojan-activity;sid:84464850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601749/; classtype:trojan-activity;sid:84464849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.51.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601748/; classtype:trojan-activity;sid:84464848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.0.164"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601745/; classtype:trojan-activity;sid:84464845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.104.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601746/; classtype:trojan-activity;sid:84464846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.6.178"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601747/; classtype:trojan-activity;sid:84464847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.153.34.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601744/; classtype:trojan-activity;sid:84464844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.214.141"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601742/; classtype:trojan-activity;sid:84464842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.230.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601743/; classtype:trojan-activity;sid:84464843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.179.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601741/; classtype:trojan-activity;sid:84464841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.154.49"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601740/; classtype:trojan-activity;sid:84464840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.202.148"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601739/; classtype:trojan-activity;sid:84464839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.120.230"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601738/; classtype:trojan-activity;sid:84464838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.92.181"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601737/; classtype:trojan-activity;sid:84464837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601736/; classtype:trojan-activity;sid:84464836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.108"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601735/; classtype:trojan-activity;sid:84464835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.92.181"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601734/; classtype:trojan-activity;sid:84464834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601733/; classtype:trojan-activity;sid:84464833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r_loc.exe"; depth:10; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601732/; classtype:trojan-activity;sid:84464832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run5.exe"; depth:9; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601731/; classtype:trojan-activity;sid:84464831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.exe"; depth:6; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601729/; classtype:trojan-activity;sid:84464829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run6.exe"; depth:9; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601730/; classtype:trojan-activity;sid:84464830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run4.exe"; depth:9; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601728/; classtype:trojan-activity;sid:84464828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsuspicious.exe"; depth:16; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601727/; classtype:trojan-activity;sid:84464827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ch2.exe"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601724/; classtype:trojan-activity;sid:84464824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharpwsus.exe"; depth:14; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601725/; classtype:trojan-activity;sid:84464825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkr.exe"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601726/; classtype:trojan-activity;sid:84464826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r_cnf.exe"; depth:10; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601723/; classtype:trojan-activity;sid:84464823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601722/; classtype:trojan-activity;sid:84464822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sweetpot2.bin"; depth:14; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601721/; classtype:trojan-activity;sid:84464821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sweetpot.bin"; depth:13; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601720/; classtype:trojan-activity;sid:84464820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snaf.bin"; depth:9; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601718/; classtype:trojan-activity;sid:84464818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l1.bin"; depth:7; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601719/; classtype:trojan-activity;sid:84464819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sw2.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601716/; classtype:trojan-activity;sid:84464816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chi.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601717/; classtype:trojan-activity;sid:84464817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ch3.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601714/; classtype:trojan-activity;sid:84464814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ch2.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601715/; classtype:trojan-activity;sid:84464815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ku.bin"; depth:7; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601713/; classtype:trojan-activity;sid:84464813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sw3.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601705/; classtype:trojan-activity;sid:84464805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkr.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601706/; classtype:trojan-activity;sid:84464806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r_deleg.bin"; depth:12; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601707/; classtype:trojan-activity;sid:84464807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r_dump.bin"; depth:11; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601708/; classtype:trojan-activity;sid:84464808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8434554557/m6xcver.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601709/; classtype:trojan-activity;sid:84464809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sw1.bin"; depth:8; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601710/; classtype:trojan-activity;sid:84464810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sw1j.bin"; depth:9; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601711/; classtype:trojan-activity;sid:84464811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.bin"; depth:6; endswith; nocase; http.host; content:"45.131.40.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601712/; classtype:trojan-activity;sid:84464812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.77.47.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601704/; classtype:trojan-activity;sid:84464804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.119.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601703/; classtype:trojan-activity;sid:84464803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68knlk"; depth:8; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601691/; classtype:trojan-activity;sid:84464791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsnlk"; depth:8; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601692/; classtype:trojan-activity;sid:84464792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6nlk"; depth:8; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601693/; classtype:trojan-activity;sid:84464793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7nlk"; depth:8; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601694/; classtype:trojan-activity;sid:84464794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpslnlk"; depth:8; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601695/; classtype:trojan-activity;sid:84464795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4nlk"; depth:7; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601696/; classtype:trojan-activity;sid:84464796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601697/; classtype:trojan-activity;sid:84464797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armnlk"; depth:7; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601698/; classtype:trojan-activity;sid:84464798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601699/; classtype:trojan-activity;sid:84464799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5nlk"; depth:8; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601700/; classtype:trojan-activity;sid:84464800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spcnlk"; depth:7; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601701/; classtype:trojan-activity;sid:84464801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppcnlk"; depth:7; endswith; nocase; http.host; content:"37.221.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601702/; classtype:trojan-activity;sid:84464802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601690/; classtype:trojan-activity;sid:84464790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601689/; classtype:trojan-activity;sid:84464789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.217.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601688/; classtype:trojan-activity;sid:84464788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.148.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601687/; classtype:trojan-activity;sid:84464787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.180.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601686/; classtype:trojan-activity;sid:84464786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.243.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601685/; classtype:trojan-activity;sid:84464785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"75.180.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601684/; classtype:trojan-activity;sid:84464784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601683/; classtype:trojan-activity;sid:84464783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.56.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601682/; classtype:trojan-activity;sid:84464782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.119.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601681/; classtype:trojan-activity;sid:84464781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.21.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601680/; classtype:trojan-activity;sid:84464780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.47.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601679/; classtype:trojan-activity;sid:84464779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601678/; classtype:trojan-activity;sid:84464778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601673/; classtype:trojan-activity;sid:84464773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601674/; classtype:trojan-activity;sid:84464774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601675/; classtype:trojan-activity;sid:84464775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601676/; classtype:trojan-activity;sid:84464776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601677/; classtype:trojan-activity;sid:84464777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601664/; classtype:trojan-activity;sid:84464764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601665/; classtype:trojan-activity;sid:84464765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601666/; classtype:trojan-activity;sid:84464766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/o.xml"; depth:21; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601667/; classtype:trojan-activity;sid:84464767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601668/; classtype:trojan-activity;sid:84464768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601669/; classtype:trojan-activity;sid:84464769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601670/; classtype:trojan-activity;sid:84464770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601671/; classtype:trojan-activity;sid:84464771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601672/; classtype:trojan-activity;sid:84464772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601661/; classtype:trojan-activity;sid:84464761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601662/; classtype:trojan-activity;sid:84464762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"5.180.82.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601663/; classtype:trojan-activity;sid:84464763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8434554557/mir16yb.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601660/; classtype:trojan-activity;sid:84464760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8434554557/yhee5s8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601659/; classtype:trojan-activity;sid:84464759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.171.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601658/; classtype:trojan-activity;sid:84464758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.10.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601657/; classtype:trojan-activity;sid:84464757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.171.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601656/; classtype:trojan-activity;sid:84464756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.21.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601655/; classtype:trojan-activity;sid:84464755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.152.9.62"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601654/; classtype:trojan-activity;sid:84464754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601653/; classtype:trojan-activity;sid:84464753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.23.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601652/; classtype:trojan-activity;sid:84464752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.94.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601651/; classtype:trojan-activity;sid:84464751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.206.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601650/; classtype:trojan-activity;sid:84464750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.236.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601649/; classtype:trojan-activity;sid:84464749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601648/; classtype:trojan-activity;sid:84464748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.152.9.62"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601647/; classtype:trojan-activity;sid:84464747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.212.47"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601645/; classtype:trojan-activity;sid:84464745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.206.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601646/; classtype:trojan-activity;sid:84464746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.138.178"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601644/; classtype:trojan-activity;sid:84464744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.94.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601643/; classtype:trojan-activity;sid:84464743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.89"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601642/; classtype:trojan-activity;sid:84464742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.116.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601641/; classtype:trojan-activity;sid:84464741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.249.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601640/; classtype:trojan-activity;sid:84464740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.38.95.41"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601639/; classtype:trojan-activity;sid:84464739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.146.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601638/; classtype:trojan-activity;sid:84464738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.37.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601637/; classtype:trojan-activity;sid:84464737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.47.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601636/; classtype:trojan-activity;sid:84464736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601635/; classtype:trojan-activity;sid:84464735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.201.47"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601634/; classtype:trojan-activity;sid:84464734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601633/; classtype:trojan-activity;sid:84464733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"74.214.56.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601632/; classtype:trojan-activity;sid:84464732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.249.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601631/; classtype:trojan-activity;sid:84464731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.38.95.41"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601630/; classtype:trojan-activity;sid:84464730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.146.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601629/; classtype:trojan-activity;sid:84464729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601628/; classtype:trojan-activity;sid:84464728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.212.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601627/; classtype:trojan-activity;sid:84464727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.153.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601626/; classtype:trojan-activity;sid:84464726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601625/; classtype:trojan-activity;sid:84464725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601624/; classtype:trojan-activity;sid:84464724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.235.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601623/; classtype:trojan-activity;sid:84464723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601622/; classtype:trojan-activity;sid:84464722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.147.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601621/; classtype:trojan-activity;sid:84464721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.212.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601620/; classtype:trojan-activity;sid:84464720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.235.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601619/; classtype:trojan-activity;sid:84464719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.249.69.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601618/; classtype:trojan-activity;sid:84464718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.147.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601617/; classtype:trojan-activity;sid:84464717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.202.233"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601616/; classtype:trojan-activity;sid:84464716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.249.69.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601615/; classtype:trojan-activity;sid:84464715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.249.197.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601614/; classtype:trojan-activity;sid:84464714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv7l"; depth:21; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601604/; classtype:trojan-activity;sid:84464704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.sh4"; depth:18; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601605/; classtype:trojan-activity;sid:84464705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv5l"; depth:21; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601606/; classtype:trojan-activity;sid:84464706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.m68k"; depth:19; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601607/; classtype:trojan-activity;sid:84464707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.mips"; depth:19; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601608/; classtype:trojan-activity;sid:84464708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.powerpc"; depth:22; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601609/; classtype:trojan-activity;sid:84464709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv4l"; depth:21; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601610/; classtype:trojan-activity;sid:84464710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv6l"; depth:21; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601611/; classtype:trojan-activity;sid:84464711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.mipsel"; depth:21; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601612/; classtype:trojan-activity;sid:84464712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.i586"; depth:19; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601613/; classtype:trojan-activity;sid:84464713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.244.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601603/; classtype:trojan-activity;sid:84464703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.249.197.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601602/; classtype:trojan-activity;sid:84464702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.86.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601601/; classtype:trojan-activity;sid:84464701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.237.130.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601600/; classtype:trojan-activity;sid:84464700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/trans.sh"; depth:19; endswith; nocase; http.host; content:"109.248.161.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601599/; classtype:trojan-activity;sid:84464699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/rigo3zz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601598/; classtype:trojan-activity;sid:84464698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtime/vc_redist.x64.exe"; depth:26; endswith; nocase; http.host; content:"checkfivem.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601597/; classtype:trojan-activity;sid:84464697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.247.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601596/; classtype:trojan-activity;sid:84464696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1781548144/o4rqc65.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601594/; classtype:trojan-activity;sid:84464694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.88.14.113"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601595/; classtype:trojan-activity;sid:84464695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.2.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601593/; classtype:trojan-activity;sid:84464693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.139.7"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601591/; classtype:trojan-activity;sid:84464691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm5"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601592/; classtype:trojan-activity;sid:84464692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.62.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601590/; classtype:trojan-activity;sid:84464690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.3.76"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601589/; classtype:trojan-activity;sid:84464689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601588/; classtype:trojan-activity;sid:84464688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.116.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601587/; classtype:trojan-activity;sid:84464687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.190.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601586/; classtype:trojan-activity;sid:84464686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.11.158"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601585/; classtype:trojan-activity;sid:84464685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601584/; classtype:trojan-activity;sid:84464684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.196.38.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601583/; classtype:trojan-activity;sid:84464683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.167.3.76"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601582/; classtype:trojan-activity;sid:84464682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.196.38.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601581/; classtype:trojan-activity;sid:84464681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.21.115.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601580/; classtype:trojan-activity;sid:84464680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.191.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601579/; classtype:trojan-activity;sid:84464679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"70.21.115.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601578/; classtype:trojan-activity;sid:84464678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601577/; classtype:trojan-activity;sid:84464677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.243.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601576/; classtype:trojan-activity;sid:84464676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601575/; classtype:trojan-activity;sid:84464675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.171.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601574/; classtype:trojan-activity;sid:84464674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.47.20"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601573/; classtype:trojan-activity;sid:84464673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.47.20"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601572/; classtype:trojan-activity;sid:84464672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.223.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601571/; classtype:trojan-activity;sid:84464671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.175.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601570/; classtype:trojan-activity;sid:84464670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.175.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601569/; classtype:trojan-activity;sid:84464669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.172.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601568/; classtype:trojan-activity;sid:84464668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.153.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601567/; classtype:trojan-activity;sid:84464667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.193.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601566/; classtype:trojan-activity;sid:84464666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.82.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601565/; classtype:trojan-activity;sid:84464665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.194.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601564/; classtype:trojan-activity;sid:84464664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.217.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601563/; classtype:trojan-activity;sid:84464663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.251.98.109"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601562/; classtype:trojan-activity;sid:84464662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.95.215.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601561/; classtype:trojan-activity;sid:84464661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601560/; classtype:trojan-activity;sid:84464660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.194.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601559/; classtype:trojan-activity;sid:84464659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.82.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601558/; classtype:trojan-activity;sid:84464658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601557/; classtype:trojan-activity;sid:84464657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601556/; classtype:trojan-activity;sid:84464656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.3"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601555/; classtype:trojan-activity;sid:84464655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.198.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601554/; classtype:trojan-activity;sid:84464654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601553/; classtype:trojan-activity;sid:84464653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/mips"; depth:21; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601551/; classtype:trojan-activity;sid:84464651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.32.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601552/; classtype:trojan-activity;sid:84464652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.235.175"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601550/; classtype:trojan-activity;sid:84464650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/operationsilent/x86"; depth:20; endswith; nocase; http.host; content:"141.98.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601547/; classtype:trojan-activity;sid:84464647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.41.89"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601548/; classtype:trojan-activity;sid:84464648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.243.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601549/; classtype:trojan-activity;sid:84464649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.244.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601545/; classtype:trojan-activity;sid:84464645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.10.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601546/; classtype:trojan-activity;sid:84464646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.45.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601544/; classtype:trojan-activity;sid:84464644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601543/; classtype:trojan-activity;sid:84464643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.37.211"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601542/; classtype:trojan-activity;sid:84464642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.141.211"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601541/; classtype:trojan-activity;sid:84464641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.241.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601540/; classtype:trojan-activity;sid:84464640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601539/; classtype:trojan-activity;sid:84464639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.233.182"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601538/; classtype:trojan-activity;sid:84464638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.213.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601537/; classtype:trojan-activity;sid:84464637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.198.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601536/; classtype:trojan-activity;sid:84464636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.199.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601535/; classtype:trojan-activity;sid:84464635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601534/; classtype:trojan-activity;sid:84464634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.223.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601533/; classtype:trojan-activity;sid:84464633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.32.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601532/; classtype:trojan-activity;sid:84464632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.199.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601531/; classtype:trojan-activity;sid:84464631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.74.13.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601530/; classtype:trojan-activity;sid:84464630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601529/; classtype:trojan-activity;sid:84464629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601528/; classtype:trojan-activity;sid:84464628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.171.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601527/; classtype:trojan-activity;sid:84464627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopegone.php"; depth:13; endswith; nocase; http.host; content:"86.106.85.202"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601526/; classtype:trojan-activity;sid:84464626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7309295924/hbhxbwy.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601525/; classtype:trojan-activity;sid:84464625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.174.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601523/; classtype:trojan-activity;sid:84464623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/892962105/jc3lmwl.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601524/; classtype:trojan-activity;sid:84464624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.74.13.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601522/; classtype:trojan-activity;sid:84464622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.89"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601521/; classtype:trojan-activity;sid:84464621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601520/; classtype:trojan-activity;sid:84464620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.92.149"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601519/; classtype:trojan-activity;sid:84464619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.174.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601518/; classtype:trojan-activity;sid:84464618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2fcsxlsjmcuylb"; depth:15; endswith; nocase; http.host; content:"pampersnastily.life"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601517/; classtype:trojan-activity;sid:84464617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.92.149"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601516/; classtype:trojan-activity;sid:84464616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/2117628369/2tabvaz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601515/; classtype:trojan-activity;sid:84464615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7861746037/nnaznax.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601514/; classtype:trojan-activity;sid:84464614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7879280053/ge0rlx3.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601513/; classtype:trojan-activity;sid:84464613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6335391544/ibzxiyi.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601512/; classtype:trojan-activity;sid:84464612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7382018045/oe4sskm.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601511/; classtype:trojan-activity;sid:84464611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5254702106/ajzasmz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601509/; classtype:trojan-activity;sid:84464609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7138747973/5v5vkp1.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601510/; classtype:trojan-activity;sid:84464610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.m68k"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601497/; classtype:trojan-activity;sid:84464597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.spc"; depth:10; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601498/; classtype:trojan-activity;sid:84464598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm7"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601499/; classtype:trojan-activity;sid:84464599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.sh4"; depth:10; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601500/; classtype:trojan-activity;sid:84464600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.mpsl"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601501/; classtype:trojan-activity;sid:84464601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm6"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601502/; classtype:trojan-activity;sid:84464602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.mips"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601503/; classtype:trojan-activity;sid:84464603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.x86_64"; depth:13; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601504/; classtype:trojan-activity;sid:84464604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm5"; depth:11; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601505/; classtype:trojan-activity;sid:84464605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.arm"; depth:10; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601506/; classtype:trojan-activity;sid:84464606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.ppc"; depth:10; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601507/; classtype:trojan-activity;sid:84464607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/2117628369/cqqf3eb.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601508/; classtype:trojan-activity;sid:84464608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.235.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601496/; classtype:trojan-activity;sid:84464596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.3.50"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601495/; classtype:trojan-activity;sid:84464595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.116.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601494/; classtype:trojan-activity;sid:84464594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601493/; classtype:trojan-activity;sid:84464593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.235.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601492/; classtype:trojan-activity;sid:84464592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.87.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601490/; classtype:trojan-activity;sid:84464590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/randomcool.mp4"; depth:15; endswith; nocase; http.host; content:"wendystream.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601491/; classtype:trojan-activity;sid:84464591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.166.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601489/; classtype:trojan-activity;sid:84464589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supports/ef37ec4d1570.pdf.mp4"; depth:30; endswith; nocase; http.host; content:"86.106.85.202"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601488/; classtype:trojan-activity;sid:84464588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/clickwasp.lnk"; depth:24; endswith; nocase; http.host; content:"192.124.178.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601485/; classtype:trojan-activity;sid:84464585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/pineapple.lnk"; depth:24; endswith; nocase; http.host; content:"192.124.178.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601486/; classtype:trojan-activity;sid:84464586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/test2.lnk"; depth:20; endswith; nocase; http.host; content:"89.221.203.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601487/; classtype:trojan-activity;sid:84464587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/test1.lnk"; depth:20; endswith; nocase; http.host; content:"89.221.203.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601484/; classtype:trojan-activity;sid:84464584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/test.lnk"; depth:19; endswith; nocase; http.host; content:"192.124.178.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601481/; classtype:trojan-activity;sid:84464581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/test3.lnk"; depth:20; endswith; nocase; http.host; content:"89.221.203.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601482/; classtype:trojan-activity;sid:84464582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/rh%20nda.lnk"; depth:23; endswith; nocase; http.host; content:"192.124.178.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601483/; classtype:trojan-activity;sid:84464583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/ef37ec4d1570.pdf.lnk"; depth:31; endswith; nocase; http.host; content:"89.221.203.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601480/; classtype:trojan-activity;sid:84464580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/rdna.lnk"; depth:19; endswith; nocase; http.host; content:"192.124.178.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601479/; classtype:trojan-activity;sid:84464579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601478/; classtype:trojan-activity;sid:84464578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.14.101.23"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601476/; classtype:trojan-activity;sid:84464576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601477/; classtype:trojan-activity;sid:84464577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.146.158.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601471/; classtype:trojan-activity;sid:84464571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601472/; classtype:trojan-activity;sid:84464572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh"; depth:8; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601473/; classtype:trojan-activity;sid:84464573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.146.124.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601474/; classtype:trojan-activity;sid:84464574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.92.95.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601475/; classtype:trojan-activity;sid:84464575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601467/; classtype:trojan-activity;sid:84464567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.134.83.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601468/; classtype:trojan-activity;sid:84464568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sparc"; depth:11; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601469/; classtype:trojan-activity;sid:84464569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601470/; classtype:trojan-activity;sid:84464570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601466/; classtype:trojan-activity;sid:84464566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.144.137.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601465/; classtype:trojan-activity;sid:84464565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"38.147.170.91"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601463/; classtype:trojan-activity;sid:84464563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.79.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601464/; classtype:trojan-activity;sid:84464564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"69.5.189.69"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601459/; classtype:trojan-activity;sid:84464559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601460/; classtype:trojan-activity;sid:84464560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"194.30.129.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601461/; classtype:trojan-activity;sid:84464561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.134.83.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601462/; classtype:trojan-activity;sid:84464562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.200.175.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601458/; classtype:trojan-activity;sid:84464558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.34.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601456/; classtype:trojan-activity;sid:84464556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.181.62.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601457/; classtype:trojan-activity;sid:84464557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.187.247.251"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601453/; classtype:trojan-activity;sid:84464553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.187.247.251"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601454/; classtype:trojan-activity;sid:84464554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.34.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601455/; classtype:trojan-activity;sid:84464555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.41.157.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601452/; classtype:trojan-activity;sid:84464552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"41.147.199.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601439/; classtype:trojan-activity;sid:84464539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.75.128.153"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601440/; classtype:trojan-activity;sid:84464540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.41.157.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601441/; classtype:trojan-activity;sid:84464541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.236.84.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601442/; classtype:trojan-activity;sid:84464542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.154.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601443/; classtype:trojan-activity;sid:84464543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.192.149.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601444/; classtype:trojan-activity;sid:84464544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"164.126.150.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.244.249.191"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601446/; classtype:trojan-activity;sid:84464546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.235.251.22"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601447/; classtype:trojan-activity;sid:84464547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.246.224.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601448/; classtype:trojan-activity;sid:84464548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.157.28.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601449/; classtype:trojan-activity;sid:84464549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.81.51"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601450/; classtype:trojan-activity;sid:84464550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.187.251.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601451/; classtype:trojan-activity;sid:84464551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.119.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601438/; classtype:trojan-activity;sid:84464538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.6.8.185"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601434/; classtype:trojan-activity;sid:84464534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.65.162"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601435/; classtype:trojan-activity;sid:84464535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.116.29.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601436/; classtype:trojan-activity;sid:84464536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.34.165.8"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601437/; classtype:trojan-activity;sid:84464537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.158.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601427/; classtype:trojan-activity;sid:84464527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.152.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601428/; classtype:trojan-activity;sid:84464528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.94.114.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601429/; classtype:trojan-activity;sid:84464529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.110.152.49"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601430/; classtype:trojan-activity;sid:84464530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.179.242.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601431/; classtype:trojan-activity;sid:84464531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.187.121.234"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601432/; classtype:trojan-activity;sid:84464532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"189.222.107.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601433/; classtype:trojan-activity;sid:84464533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"41.147.199.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601426/; classtype:trojan-activity;sid:84464526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.87.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601425/; classtype:trojan-activity;sid:84464525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601424/; classtype:trojan-activity;sid:84464524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.81.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601423/; classtype:trojan-activity;sid:84464523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.178.149.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601422/; classtype:trojan-activity;sid:84464522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601421/; classtype:trojan-activity;sid:84464521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.241.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601420/; classtype:trojan-activity;sid:84464520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.149.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601419/; classtype:trojan-activity;sid:84464519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.43.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601418/; classtype:trojan-activity;sid:84464518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.77.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601417/; classtype:trojan-activity;sid:84464517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601416/; classtype:trojan-activity;sid:84464516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.77.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601415/; classtype:trojan-activity;sid:84464515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601414/; classtype:trojan-activity;sid:84464514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.208.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601413/; classtype:trojan-activity;sid:84464513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601412/; classtype:trojan-activity;sid:84464512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.148.110"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601411/; classtype:trojan-activity;sid:84464511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601410/; classtype:trojan-activity;sid:84464510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.190.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601409/; classtype:trojan-activity;sid:84464509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.148.110"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601408/; classtype:trojan-activity;sid:84464508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601407/; classtype:trojan-activity;sid:84464507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.208.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601406/; classtype:trojan-activity;sid:84464506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601405/; classtype:trojan-activity;sid:84464505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.190.202.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601404/; classtype:trojan-activity;sid:84464504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.190.202.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601403/; classtype:trojan-activity;sid:84464503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.x86"; depth:10; endswith; nocase; http.host; content:"45.83.207.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601402/; classtype:trojan-activity;sid:84464502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.7.199"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601401/; classtype:trojan-activity;sid:84464501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/timer.jquery.js"; depth:19; endswith; nocase; http.host; content:"smoking-hot.net"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601400/; classtype:trojan-activity;sid:84464500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rule/check|3f|ckey=jwtmwkmsyycst5nualyjiaf38wqk4s1id0nonegazvqbhnvg9u4xqnmil3tcjqlbfsacgblgu5/y85b6nlbcydrgjrdnltsoz3kgtdgnjq0djbmanhhcchahywgbi8ldjmtfhl0zq4fyxo5y/30czbhhjhi7v72tmeldkcmoiuc=|7c|26|7c|data=024gfyib2nd7txkfru1onn5r0gq1mmdjgo/i"; depth:243; endswith; nocase; http.host; content:"ykapi.luyou.360.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601398/; classtype:trojan-activity;sid:84464498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.94.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601399/; classtype:trojan-activity;sid:84464499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.243.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601397/; classtype:trojan-activity;sid:84464497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.178.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601396/; classtype:trojan-activity;sid:84464496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601394/; classtype:trojan-activity;sid:84464494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.223.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601395/; classtype:trojan-activity;sid:84464495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.75.54"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601393/; classtype:trojan-activity;sid:84464493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.225.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601392/; classtype:trojan-activity;sid:84464492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601391/; classtype:trojan-activity;sid:84464491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601390/; classtype:trojan-activity;sid:84464490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601389/; classtype:trojan-activity;sid:84464489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601388/; classtype:trojan-activity;sid:84464488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.83"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601386/; classtype:trojan-activity;sid:84464486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.187.52"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601387/; classtype:trojan-activity;sid:84464487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.172.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601385/; classtype:trojan-activity;sid:84464485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/visiodrive/nvidiarelease.zip"; depth:29; endswith; nocase; http.host; content:"driverservices.store"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601384/; classtype:trojan-activity;sid:84464484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.51.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601383/; classtype:trojan-activity;sid:84464483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.7.199"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601382/; classtype:trojan-activity;sid:84464482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uteygg.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601381/; classtype:trojan-activity;sid:84464481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601380/; classtype:trojan-activity;sid:84464480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601379/; classtype:trojan-activity;sid:84464479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ko.js"; depth:6; endswith; nocase; http.host; content:"45.141.233.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601378/; classtype:trojan-activity;sid:84464478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gue8austxqalf39.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601377/; classtype:trojan-activity;sid:84464477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonz984ijtf8dpr.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601376/; classtype:trojan-activity;sid:84464476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a0bqmrtf7gnqstn.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601375/; classtype:trojan-activity;sid:84464475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/200/cecc/nicepeoplesgreatpersonalityforentiretimewhichgiving______nicepeoplesgreatpersonalityforentiretimewhichgiving________nicepeoplesgreatpersonalityforentiretimewhichgiving.doc"; depth:181; endswith; nocase; http.host; content:"191.233.17.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601374/; classtype:trojan-activity;sid:84464474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.141.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601372/; classtype:trojan-activity;sid:84464472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.81.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601373/; classtype:trojan-activity;sid:84464473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7887437310/vp4r7kz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601371/; classtype:trojan-activity;sid:84464471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.187.52"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601370/; classtype:trojan-activity;sid:84464470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.29.225.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601369/; classtype:trojan-activity;sid:84464469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.51.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601368/; classtype:trojan-activity;sid:84464468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.77.8"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601367/; classtype:trojan-activity;sid:84464467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.228.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601366/; classtype:trojan-activity;sid:84464466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.124.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601365/; classtype:trojan-activity;sid:84464465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/m68k"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601364/; classtype:trojan-activity;sid:84464464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/sh4"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601363/; classtype:trojan-activity;sid:84464463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/spc"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601362/; classtype:trojan-activity;sid:84464462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm6"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601361/; classtype:trojan-activity;sid:84464461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm7"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601358/; classtype:trojan-activity;sid:84464458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/mpsl"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601359/; classtype:trojan-activity;sid:84464459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/root"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601360/; classtype:trojan-activity;sid:84464460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/rtk"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601353/; classtype:trojan-activity;sid:84464453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/yarn"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601354/; classtype:trojan-activity;sid:84464454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arc"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601355/; classtype:trojan-activity;sid:84464455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/ppc"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601356/; classtype:trojan-activity;sid:84464456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/zte"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601357/; classtype:trojan-activity;sid:84464457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.127"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601352/; classtype:trojan-activity;sid:84464452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.111.221"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601351/; classtype:trojan-activity;sid:84464451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.176"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601350/; classtype:trojan-activity;sid:84464450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.123.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601348/; classtype:trojan-activity;sid:84464448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.141.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601349/; classtype:trojan-activity;sid:84464449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.124.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601346/; classtype:trojan-activity;sid:84464446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.118.127"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601347/; classtype:trojan-activity;sid:84464447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601345/; classtype:trojan-activity;sid:84464445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.74.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601344/; classtype:trojan-activity;sid:84464444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601343/; classtype:trojan-activity;sid:84464443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.128.49"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601342/; classtype:trojan-activity;sid:84464442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.173.222"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601341/; classtype:trojan-activity;sid:84464441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601340/; classtype:trojan-activity;sid:84464440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.133.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601339/; classtype:trojan-activity;sid:84464439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.236.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601338/; classtype:trojan-activity;sid:84464438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.128.49"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601337/; classtype:trojan-activity;sid:84464437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601336/; classtype:trojan-activity;sid:84464436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanoi.x86"; depth:10; endswith; nocase; http.host; content:"89.213.177.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601335/; classtype:trojan-activity;sid:84464435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601334/; classtype:trojan-activity;sid:84464434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.173.222"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601333/; classtype:trojan-activity;sid:84464433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.236.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601332/; classtype:trojan-activity;sid:84464432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.97.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601331/; classtype:trojan-activity;sid:84464431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601330/; classtype:trojan-activity;sid:84464430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601329/; classtype:trojan-activity;sid:84464429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601328/; classtype:trojan-activity;sid:84464428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.184.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601327/; classtype:trojan-activity;sid:84464427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.56.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601326/; classtype:trojan-activity;sid:84464426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.8.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601325/; classtype:trojan-activity;sid:84464425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.15.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601324/; classtype:trojan-activity;sid:84464424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spvbqmbkyr_06/03.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601323/; classtype:trojan-activity;sid:84464423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/985220663/w0bgqyp.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601322/; classtype:trojan-activity;sid:84464422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1528118067/0pc8ya8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601321/; classtype:trojan-activity;sid:84464421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.230.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601320/; classtype:trojan-activity;sid:84464420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.184.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601319/; classtype:trojan-activity;sid:84464419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.15.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601318/; classtype:trojan-activity;sid:84464418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.8.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601317/; classtype:trojan-activity;sid:84464417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.25.220.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601316/; classtype:trojan-activity;sid:84464416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.105.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601315/; classtype:trojan-activity;sid:84464415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.116.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601314/; classtype:trojan-activity;sid:84464414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.42.67.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601313/; classtype:trojan-activity;sid:84464413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.153.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601310/; classtype:trojan-activity;sid:84464410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.25.220.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601311/; classtype:trojan-activity;sid:84464411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.83"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601309/; classtype:trojan-activity;sid:84464409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.42.67.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601308/; classtype:trojan-activity;sid:84464408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.129.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601307/; classtype:trojan-activity;sid:84464407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.18.242"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601306/; classtype:trojan-activity;sid:84464406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601305/; classtype:trojan-activity;sid:84464405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.101.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601304/; classtype:trojan-activity;sid:84464404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601303/; classtype:trojan-activity;sid:84464403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.195.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601302/; classtype:trojan-activity;sid:84464402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.101.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601301/; classtype:trojan-activity;sid:84464401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.215.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601300/; classtype:trojan-activity;sid:84464400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.129.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601299/; classtype:trojan-activity;sid:84464399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.198.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601298/; classtype:trojan-activity;sid:84464398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601297/; classtype:trojan-activity;sid:84464397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/arm"; depth:9; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601295/; classtype:trojan-activity;sid:84464395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/x86"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601296/; classtype:trojan-activity;sid:84464396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601293/; classtype:trojan-activity;sid:84464393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.81.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601294/; classtype:trojan-activity;sid:84464394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.18.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601289/; classtype:trojan-activity;sid:84464389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.182.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601290/; classtype:trojan-activity;sid:84464390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.190.138"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601291/; classtype:trojan-activity;sid:84464391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.13.32.161"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601292/; classtype:trojan-activity;sid:84464392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/arm"; depth:12; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601286/; classtype:trojan-activity;sid:84464386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.171.45.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601287/; classtype:trojan-activity;sid:84464387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbidiot/mips"; depth:13; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601288/; classtype:trojan-activity;sid:84464388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.175.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601285/; classtype:trojan-activity;sid:84464385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.195.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601284/; classtype:trojan-activity;sid:84464384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.85.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601283/; classtype:trojan-activity;sid:84464383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.83.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601282/; classtype:trojan-activity;sid:84464382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.145.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601281/; classtype:trojan-activity;sid:84464381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.87.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601280/; classtype:trojan-activity;sid:84464380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.215.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601279/; classtype:trojan-activity;sid:84464379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601278/; classtype:trojan-activity;sid:84464378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.68.69"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601277/; classtype:trojan-activity;sid:84464377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.249.195.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601276/; classtype:trojan-activity;sid:84464376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.105.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601275/; classtype:trojan-activity;sid:84464375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.85.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601274/; classtype:trojan-activity;sid:84464374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.87.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601273/; classtype:trojan-activity;sid:84464373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.145.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601272/; classtype:trojan-activity;sid:84464372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.83.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601271/; classtype:trojan-activity;sid:84464371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.68.69"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601270/; classtype:trojan-activity;sid:84464370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.77.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601269/; classtype:trojan-activity;sid:84464369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.249.195.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601268/; classtype:trojan-activity;sid:84464368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.64.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601267/; classtype:trojan-activity;sid:84464367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.142.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601266/; classtype:trojan-activity;sid:84464366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.191.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601265/; classtype:trojan-activity;sid:84464365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.254.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601264/; classtype:trojan-activity;sid:84464364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/tuts.wsh"; depth:13; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601263/; classtype:trojan-activity;sid:84464363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/documentinfo.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601262/; classtype:trojan-activity;sid:84464362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/fi.wsf"; depth:11; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601261/; classtype:trojan-activity;sid:84464361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vog.bat"; depth:8; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601260/; classtype:trojan-activity;sid:84464360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_ad622eee420f4e0fa1e3581b91efa43d.txt"; depth:45; endswith; nocase; http.host; content:"serverfilee.ct.ws"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601259/; classtype:trojan-activity;sid:84464359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_b300501e36854d6fb850b95bb38752ab.txt"; depth:45; endswith; nocase; http.host; content:"serverfilee.ct.ws"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601258/; classtype:trojan-activity;sid:84464358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/hrtilpc.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601257/; classtype:trojan-activity;sid:84464357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_6b433ccfeb2443aca86c0d7f57e3222c.txt"; depth:45; endswith; nocase; http.host; content:"90001a.lovestoblog.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601256/; classtype:trojan-activity;sid:84464356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.7.46"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601254/; classtype:trojan-activity;sid:84464354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.112.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601255/; classtype:trojan-activity;sid:84464355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.77.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601253/; classtype:trojan-activity;sid:84464353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.178.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601252/; classtype:trojan-activity;sid:84464352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_442e4f21e8f040ccb1a40b6c8a24d419.txt"; depth:45; endswith; nocase; http.host; content:"lovetoday.xo.je"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601251/; classtype:trojan-activity;sid:84464351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.121.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601250/; classtype:trojan-activity;sid:84464350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5p2tl9.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601249/; classtype:trojan-activity;sid:84464349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wolvcw.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601248/; classtype:trojan-activity;sid:84464348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.64.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601247/; classtype:trojan-activity;sid:84464347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.56.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601246/; classtype:trojan-activity;sid:84464346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.84.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601245/; classtype:trojan-activity;sid:84464345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.112.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601244/; classtype:trojan-activity;sid:84464344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601243/; classtype:trojan-activity;sid:84464343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.254.255"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601242/; classtype:trojan-activity;sid:84464342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.121.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601241/; classtype:trojan-activity;sid:84464341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.70.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601240/; classtype:trojan-activity;sid:84464340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.84.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601239/; classtype:trojan-activity;sid:84464339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.142.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601238/; classtype:trojan-activity;sid:84464338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601227/; classtype:trojan-activity;sid:84464327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601228/; classtype:trojan-activity;sid:84464328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601229/; classtype:trojan-activity;sid:84464329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601230/; classtype:trojan-activity;sid:84464330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601231/; classtype:trojan-activity;sid:84464331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601232/; classtype:trojan-activity;sid:84464332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601233/; classtype:trojan-activity;sid:84464333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601234/; classtype:trojan-activity;sid:84464334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601235/; classtype:trojan-activity;sid:84464335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601236/; classtype:trojan-activity;sid:84464336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601237/; classtype:trojan-activity;sid:84464337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601226/; classtype:trojan-activity;sid:84464326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601225/; classtype:trojan-activity;sid:84464325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.110.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601223/; classtype:trojan-activity;sid:84464323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.159.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601224/; classtype:trojan-activity;sid:84464324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.158.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601222/; classtype:trojan-activity;sid:84464322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.php|3f|a=0"; depth:13; endswith; nocase; http.host; content:"www-account-booking.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601221/; classtype:trojan-activity;sid:84464321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1amrfa8l_jilcyzsr7dnad0u2rjijiw8i"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601220/; classtype:trojan-activity;sid:84464320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601219/; classtype:trojan-activity;sid:84464319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/hgwxfap2jb"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601218/; classtype:trojan-activity;sid:84464318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/jktip2kh0u"; depth:15; endswith; nocase; http.host; content:"textbin.net"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601217/; classtype:trojan-activity;sid:84464317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/fi.wsf"; depth:11; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601216/; classtype:trojan-activity;sid:84464316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vog.bat"; depth:8; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601215/; classtype:trojan-activity;sid:84464315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"124.198.131.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601213/; classtype:trojan-activity;sid:84464313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"182.248.210.22"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601214/; classtype:trojan-activity;sid:84464314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"192.159.99.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601212/; classtype:trojan-activity;sid:84464312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lev/shadow/rms/cayfporc.msi"; depth:28; endswith; nocase; http.host; content:"updatessoftware.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601211/; classtype:trojan-activity;sid:84464311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/documentinfo.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601209/; classtype:trojan-activity;sid:84464309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/john/pr/04.08/iytdtgtf.msi"; depth:27; endswith; nocase; http.host; content:"updatessoftware.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601210/; classtype:trojan-activity;sid:84464310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.70.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601207/; classtype:trojan-activity;sid:84464307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.211.47"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601208/; classtype:trojan-activity;sid:84464308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3pd2c60i3l.exe"; depth:15; endswith; nocase; http.host; content:"filehost-efn.pages.dev"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601205/; classtype:trojan-activity;sid:84464305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/tuts.wsh"; depth:13; endswith; nocase; http.host; content:"ser-tribune-require-bodies.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601204/; classtype:trojan-activity;sid:84464304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; depth:77; endswith; nocase; http.host; content:"45.138.16.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601203/; classtype:trojan-activity;sid:84464303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o.xml"; depth:11; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601201/; classtype:trojan-activity;sid:84464301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6817332825/0kiqfl1.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601202/; classtype:trojan-activity;sid:84464302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/link"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601185/; classtype:trojan-activity;sid:84464285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601186/; classtype:trojan-activity;sid:84464286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601187/; classtype:trojan-activity;sid:84464287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601188/; classtype:trojan-activity;sid:84464288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601189/; classtype:trojan-activity;sid:84464289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qnap"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601190/; classtype:trojan-activity;sid:84464290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601191/; classtype:trojan-activity;sid:84464291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601192/; classtype:trojan-activity;sid:84464292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601193/; classtype:trojan-activity;sid:84464293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpslnlk"; depth:8; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601194/; classtype:trojan-activity;sid:84464294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601195/; classtype:trojan-activity;sid:84464295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601196/; classtype:trojan-activity;sid:84464296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601197/; classtype:trojan-activity;sid:84464297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7nlk"; depth:8; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601198/; classtype:trojan-activity;sid:84464298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601199/; classtype:trojan-activity;sid:84464299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7922836960/tto2try.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601200/; classtype:trojan-activity;sid:84464300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.110.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601184/; classtype:trojan-activity;sid:84464284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.227.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601183/; classtype:trojan-activity;sid:84464283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.159.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601182/; classtype:trojan-activity;sid:84464282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.58.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601180/; classtype:trojan-activity;sid:84464280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.199.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601181/; classtype:trojan-activity;sid:84464281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.158.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601179/; classtype:trojan-activity;sid:84464279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601178/; classtype:trojan-activity;sid:84464278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.48.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601177/; classtype:trojan-activity;sid:84464277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.22.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601176/; classtype:trojan-activity;sid:84464276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.48.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601175/; classtype:trojan-activity;sid:84464275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.49.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601174/; classtype:trojan-activity;sid:84464274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.4.181"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601173/; classtype:trojan-activity;sid:84464273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.253.153"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601172/; classtype:trojan-activity;sid:84464272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.222"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601171/; classtype:trojan-activity;sid:84464271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.111.221"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601170/; classtype:trojan-activity;sid:84464270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.51.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601169/; classtype:trojan-activity;sid:84464269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.44.175"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601167/; classtype:trojan-activity;sid:84464267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.16.175.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601168/; classtype:trojan-activity;sid:84464268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601166/; classtype:trojan-activity;sid:84464266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.145.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601165/; classtype:trojan-activity;sid:84464265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.222"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601164/; classtype:trojan-activity;sid:84464264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.24.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601163/; classtype:trojan-activity;sid:84464263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.253.153"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601162/; classtype:trojan-activity;sid:84464262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.215.61.181"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601161/; classtype:trojan-activity;sid:84464261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.74.116.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601160/; classtype:trojan-activity;sid:84464260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.44.175"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601159/; classtype:trojan-activity;sid:84464259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.43.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601158/; classtype:trojan-activity;sid:84464258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.145.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601157/; classtype:trojan-activity;sid:84464257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601156/; classtype:trojan-activity;sid:84464256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.166.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601155/; classtype:trojan-activity;sid:84464255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.24.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601154/; classtype:trojan-activity;sid:84464254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.71.60.44"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601153/; classtype:trojan-activity;sid:84464253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"74.215.61.181"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601152/; classtype:trojan-activity;sid:84464252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.74.116.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601151/; classtype:trojan-activity;sid:84464251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.109.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601150/; classtype:trojan-activity;sid:84464250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601149/; classtype:trojan-activity;sid:84464249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601148/; classtype:trojan-activity;sid:84464248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601147/; classtype:trojan-activity;sid:84464247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601146/; classtype:trojan-activity;sid:84464246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.109.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601145/; classtype:trojan-activity;sid:84464245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.38.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601144/; classtype:trojan-activity;sid:84464244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.112.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601143/; classtype:trojan-activity;sid:84464243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.80.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601142/; classtype:trojan-activity;sid:84464242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.255.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601141/; classtype:trojan-activity;sid:84464241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601140/; classtype:trojan-activity;sid:84464240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.49.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601139/; classtype:trojan-activity;sid:84464239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.147.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601138/; classtype:trojan-activity;sid:84464238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.80.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601137/; classtype:trojan-activity;sid:84464237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.141.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601136/; classtype:trojan-activity;sid:84464236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.38.214"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601135/; classtype:trojan-activity;sid:84464235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601134/; classtype:trojan-activity;sid:84464234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.100.123.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601133/; classtype:trojan-activity;sid:84464233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.145"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601132/; classtype:trojan-activity;sid:84464232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.162.39.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601130/; classtype:trojan-activity;sid:84464230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.7.46"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601131/; classtype:trojan-activity;sid:84464231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.186.26.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601129/; classtype:trojan-activity;sid:84464229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.38.214"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601128/; classtype:trojan-activity;sid:84464228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601127/; classtype:trojan-activity;sid:84464227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.141.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601126/; classtype:trojan-activity;sid:84464226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.238.83.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601125/; classtype:trojan-activity;sid:84464225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.38.99"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601124/; classtype:trojan-activity;sid:84464224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.7.159"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601123/; classtype:trojan-activity;sid:84464223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.79.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601122/; classtype:trojan-activity;sid:84464222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"153.37.135.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601121/; classtype:trojan-activity;sid:84464221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.238.83.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601120/; classtype:trojan-activity;sid:84464220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.11.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601119/; classtype:trojan-activity;sid:84464219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.7.159"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601118/; classtype:trojan-activity;sid:84464218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.79.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601117/; classtype:trojan-activity;sid:84464217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.80.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601116/; classtype:trojan-activity;sid:84464216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.215.199"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601115/; classtype:trojan-activity;sid:84464215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.37"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601114/; classtype:trojan-activity;sid:84464214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.141.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601113/; classtype:trojan-activity;sid:84464213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.255.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601110/; classtype:trojan-activity;sid:84464210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.169"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601111/; classtype:trojan-activity;sid:84464211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.161.197.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601112/; classtype:trojan-activity;sid:84464212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.155.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601109/; classtype:trojan-activity;sid:84464209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.248.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601108/; classtype:trojan-activity;sid:84464208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601107/; classtype:trojan-activity;sid:84464207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.73.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601106/; classtype:trojan-activity;sid:84464206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.227.145"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601105/; classtype:trojan-activity;sid:84464205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.141.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601104/; classtype:trojan-activity;sid:84464204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.255.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601103/; classtype:trojan-activity;sid:84464203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601102/; classtype:trojan-activity;sid:84464202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.52.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601101/; classtype:trojan-activity;sid:84464201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.155.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601099/; classtype:trojan-activity;sid:84464199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.248.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601100/; classtype:trojan-activity;sid:84464200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.243.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601098/; classtype:trojan-activity;sid:84464198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.73.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601097/; classtype:trojan-activity;sid:84464197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.92.176"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601096/; classtype:trojan-activity;sid:84464196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.251.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601095/; classtype:trojan-activity;sid:84464195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601094/; classtype:trojan-activity;sid:84464194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601081/; classtype:trojan-activity;sid:84464181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601082/; classtype:trojan-activity;sid:84464182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601083/; classtype:trojan-activity;sid:84464183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601084/; classtype:trojan-activity;sid:84464184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601085/; classtype:trojan-activity;sid:84464185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601086/; classtype:trojan-activity;sid:84464186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601087/; classtype:trojan-activity;sid:84464187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601088/; classtype:trojan-activity;sid:84464188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601089/; classtype:trojan-activity;sid:84464189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601090/; classtype:trojan-activity;sid:84464190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601091/; classtype:trojan-activity;sid:84464191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601092/; classtype:trojan-activity;sid:84464192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601093/; classtype:trojan-activity;sid:84464193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.226.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601080/; classtype:trojan-activity;sid:84464180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601079/; classtype:trojan-activity;sid:84464179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.141"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601078/; classtype:trojan-activity;sid:84464178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.18.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601077/; classtype:trojan-activity;sid:84464177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601069/; classtype:trojan-activity;sid:84464169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601070/; classtype:trojan-activity;sid:84464170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601071/; classtype:trojan-activity;sid:84464171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601072/; classtype:trojan-activity;sid:84464172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601073/; classtype:trojan-activity;sid:84464173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601074/; classtype:trojan-activity;sid:84464174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601075/; classtype:trojan-activity;sid:84464175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601076/; classtype:trojan-activity;sid:84464176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601063/; classtype:trojan-activity;sid:84464163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601064/; classtype:trojan-activity;sid:84464164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601065/; classtype:trojan-activity;sid:84464165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601066/; classtype:trojan-activity;sid:84464166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601067/; classtype:trojan-activity;sid:84464167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601068/; classtype:trojan-activity;sid:84464168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"185.213.240.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601062/; classtype:trojan-activity;sid:84464162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.81.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601061/; classtype:trojan-activity;sid:84464161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.24.107"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601060/; classtype:trojan-activity;sid:84464160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.191.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601059/; classtype:trojan-activity;sid:84464159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selftbk.sh"; depth:11; endswith; nocase; http.host; content:"unjiproxy.p-e.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601057/; classtype:trojan-activity;sid:84464157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.132.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601058/; classtype:trojan-activity;sid:84464158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.165.66.121"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601056/; classtype:trojan-activity;sid:84464156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.38.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601055/; classtype:trojan-activity;sid:84464155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.80.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601054/; classtype:trojan-activity;sid:84464154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.51.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601053/; classtype:trojan-activity;sid:84464153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.152.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601052/; classtype:trojan-activity;sid:84464152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.251.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601051/; classtype:trojan-activity;sid:84464151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.186.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601050/; classtype:trojan-activity;sid:84464150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.18.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601049/; classtype:trojan-activity;sid:84464149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.142.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601047/; classtype:trojan-activity;sid:84464147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.112.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601048/; classtype:trojan-activity;sid:84464148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.132.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601046/; classtype:trojan-activity;sid:84464146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.191.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601045/; classtype:trojan-activity;sid:84464145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.103.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601044/; classtype:trojan-activity;sid:84464144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.16.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601043/; classtype:trojan-activity;sid:84464143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.152.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601042/; classtype:trojan-activity;sid:84464142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.11.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601041/; classtype:trojan-activity;sid:84464141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.67.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601040/; classtype:trojan-activity;sid:84464140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.12.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601039/; classtype:trojan-activity;sid:84464139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.12.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601038/; classtype:trojan-activity;sid:84464138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.13.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601037/; classtype:trojan-activity;sid:84464137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.8.173.146"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601036/; classtype:trojan-activity;sid:84464136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.44.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601034/; classtype:trojan-activity;sid:84464134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.164.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601035/; classtype:trojan-activity;sid:84464135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.198.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601033/; classtype:trojan-activity;sid:84464133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601032/; classtype:trojan-activity;sid:84464132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.78.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601031/; classtype:trojan-activity;sid:84464131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.67.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601030/; classtype:trojan-activity;sid:84464130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.38.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601029/; classtype:trojan-activity;sid:84464129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.142.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601028/; classtype:trojan-activity;sid:84464128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.151.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601027/; classtype:trojan-activity;sid:84464127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.157.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601026/; classtype:trojan-activity;sid:84464126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.203.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601025/; classtype:trojan-activity;sid:84464125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.38.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601024/; classtype:trojan-activity;sid:84464124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601023/; classtype:trojan-activity;sid:84464123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.173.116"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601022/; classtype:trojan-activity;sid:84464122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.151.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601021/; classtype:trojan-activity;sid:84464121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.157.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601020/; classtype:trojan-activity;sid:84464120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.193.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601019/; classtype:trojan-activity;sid:84464119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.80.121.234"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601018/; classtype:trojan-activity;sid:84464118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.81.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601017/; classtype:trojan-activity;sid:84464117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.138.11"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601016/; classtype:trojan-activity;sid:84464116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.41.89"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601015/; classtype:trojan-activity;sid:84464115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601014/; classtype:trojan-activity;sid:84464114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601012/; classtype:trojan-activity;sid:84464112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.116"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601013/; classtype:trojan-activity;sid:84464113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.138.11"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601011/; classtype:trojan-activity;sid:84464111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601010/; classtype:trojan-activity;sid:84464110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm/"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601009/; classtype:trojan-activity;sid:84464109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.81.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601008/; classtype:trojan-activity;sid:84464108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.176.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601007/; classtype:trojan-activity;sid:84464107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.179"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601005/; classtype:trojan-activity;sid:84464105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.225.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601006/; classtype:trojan-activity;sid:84464106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.171.45.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601003/; classtype:trojan-activity;sid:84464103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601004/; classtype:trojan-activity;sid:84464104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601002/; classtype:trojan-activity;sid:84464102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600999/; classtype:trojan-activity;sid:84464099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601000/; classtype:trojan-activity;sid:84464100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.109.159.183"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3601001/; classtype:trojan-activity;sid:84464101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.238.235.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600997/; classtype:trojan-activity;sid:84464097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600998/; classtype:trojan-activity;sid:84464098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"140.237.37.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600996/; classtype:trojan-activity;sid:84464096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.171.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600995/; classtype:trojan-activity;sid:84464095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600994/; classtype:trojan-activity;sid:84464094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.208.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600993/; classtype:trojan-activity;sid:84464093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"140.237.37.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600992/; classtype:trojan-activity;sid:84464092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.175.3.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600991/; classtype:trojan-activity;sid:84464091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.143"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600990/; classtype:trojan-activity;sid:84464090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600989/; classtype:trojan-activity;sid:84464089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.153.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600988/; classtype:trojan-activity;sid:84464088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.20.205"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600987/; classtype:trojan-activity;sid:84464087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600986/; classtype:trojan-activity;sid:84464086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.23.142"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600985/; classtype:trojan-activity;sid:84464085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600984/; classtype:trojan-activity;sid:84464084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.244.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600983/; classtype:trojan-activity;sid:84464083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.20.205"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600982/; classtype:trojan-activity;sid:84464082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600981/; classtype:trojan-activity;sid:84464081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.105.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600980/; classtype:trojan-activity;sid:84464080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600979/; classtype:trojan-activity;sid:84464079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600978/; classtype:trojan-activity;sid:84464078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600977/; classtype:trojan-activity;sid:84464077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.klogd"; depth:12; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600976/; classtype:trojan-activity;sid:84464076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.upstart"; depth:14; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600975/; classtype:trojan-activity;sid:84464075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.dbusd"; depth:12; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600972/; classtype:trojan-activity;sid:84464072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.syncd"; depth:12; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600973/; classtype:trojan-activity;sid:84464073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.irqbal"; depth:13; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600974/; classtype:trojan-activity;sid:84464074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.netd"; depth:11; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600971/; classtype:trojan-activity;sid:84464071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.kthreadd"; depth:15; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600966/; classtype:trojan-activity;sid:84464066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.modprobe"; depth:15; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600967/; classtype:trojan-activity;sid:84464067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.udevmon"; depth:14; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600968/; classtype:trojan-activity;sid:84464068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.rsysl"; depth:12; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600969/; classtype:trojan-activity;sid:84464069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.ksysd"; depth:12; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600970/; classtype:trojan-activity;sid:84464070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/top1miku.i686"; depth:19; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600962/; classtype:trojan-activity;sid:84464062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/top1miku.arc"; depth:18; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600963/; classtype:trojan-activity;sid:84464063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.systemd-jd"; depth:17; endswith; nocase; http.host; content:"160.191.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600964/; classtype:trojan-activity;sid:84464064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600965/; classtype:trojan-activity;sid:84464065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600961/; classtype:trojan-activity;sid:84464061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600958/; classtype:trojan-activity;sid:84464058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600959/; classtype:trojan-activity;sid:84464059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600960/; classtype:trojan-activity;sid:84464060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7362782694/jjdxhis.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600940/; classtype:trojan-activity;sid:84464040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600941/; classtype:trojan-activity;sid:84464041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600942/; classtype:trojan-activity;sid:84464042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600943/; classtype:trojan-activity;sid:84464043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600944/; classtype:trojan-activity;sid:84464044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600945/; classtype:trojan-activity;sid:84464045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600946/; classtype:trojan-activity;sid:84464046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600947/; classtype:trojan-activity;sid:84464047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600948/; classtype:trojan-activity;sid:84464048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600949/; classtype:trojan-activity;sid:84464049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600950/; classtype:trojan-activity;sid:84464050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600951/; classtype:trojan-activity;sid:84464051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600952/; classtype:trojan-activity;sid:84464052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600953/; classtype:trojan-activity;sid:84464053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1528118067/x4ceb9n.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600954/; classtype:trojan-activity;sid:84464054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600955/; classtype:trojan-activity;sid:84464055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600956/; classtype:trojan-activity;sid:84464056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"87.248.150.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600957/; classtype:trojan-activity;sid:84464057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600937/; classtype:trojan-activity;sid:84464037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1781548144/a7ldygr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600938/; classtype:trojan-activity;sid:84464038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600939/; classtype:trojan-activity;sid:84464039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600931/; classtype:trojan-activity;sid:84464031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600932/; classtype:trojan-activity;sid:84464032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600933/; classtype:trojan-activity;sid:84464033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"196.251.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600934/; classtype:trojan-activity;sid:84464034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"162.212.158.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600935/; classtype:trojan-activity;sid:84464035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"45.117.80.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600936/; classtype:trojan-activity;sid:84464036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.65.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600930/; classtype:trojan-activity;sid:84464030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.42.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600929/; classtype:trojan-activity;sid:84464029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.40.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600928/; classtype:trojan-activity;sid:84464028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.60.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600927/; classtype:trojan-activity;sid:84464027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.116.186"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600926/; classtype:trojan-activity;sid:84464026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.247.222.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600925/; classtype:trojan-activity;sid:84464025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.24.107"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600924/; classtype:trojan-activity;sid:84464024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.130"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600923/; classtype:trojan-activity;sid:84464023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.42.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600922/; classtype:trojan-activity;sid:84464022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600921/; classtype:trojan-activity;sid:84464021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600920/; classtype:trojan-activity;sid:84464020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.82.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600919/; classtype:trojan-activity;sid:84464019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.239.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600918/; classtype:trojan-activity;sid:84464018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.193.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600917/; classtype:trojan-activity;sid:84464017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htttht/botot/refs/heads/master/bin.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600916/; classtype:trojan-activity;sid:84464016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htttht/botot/refs/heads/master/cvv.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600914/; classtype:trojan-activity;sid:84464014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.40.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600915/; classtype:trojan-activity;sid:84464015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.130"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600913/; classtype:trojan-activity;sid:84464013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.236.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600912/; classtype:trojan-activity;sid:84464012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.exe"; depth:7; endswith; nocase; http.host; content:"blaiz.me"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600911/; classtype:trojan-activity;sid:84464011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600910/; classtype:trojan-activity;sid:84464010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.228.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600909/; classtype:trojan-activity;sid:84464009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.239.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600908/; classtype:trojan-activity;sid:84464008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.179.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600907/; classtype:trojan-activity;sid:84464007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.41.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600906/; classtype:trojan-activity;sid:84464006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.100.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600905/; classtype:trojan-activity;sid:84464005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.236.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600904/; classtype:trojan-activity;sid:84464004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.248.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600903/; classtype:trojan-activity;sid:84464003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0y9uq.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600902/; classtype:trojan-activity;sid:84464002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fae7o7.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600901/; classtype:trojan-activity;sid:84464001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ktuadz.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600900/; classtype:trojan-activity;sid:84464000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0b9mnk.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600899/; classtype:trojan-activity;sid:84463999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.16.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600898/; classtype:trojan-activity;sid:84463998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.82.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600897/; classtype:trojan-activity;sid:84463997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.41.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600896/; classtype:trojan-activity;sid:84463996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qjnq0"; depth:6; endswith; nocase; http.host; content:"paste.rs"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600895/; classtype:trojan-activity;sid:84463995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r8qjpc.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600894/; classtype:trojan-activity;sid:84463994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5p8gn6.bin"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600893/; classtype:trojan-activity;sid:84463993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tw2b32.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600892/; classtype:trojan-activity;sid:84463992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.236.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600891/; classtype:trojan-activity;sid:84463991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.100.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600890/; classtype:trojan-activity;sid:84463990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.248.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600888/; classtype:trojan-activity;sid:84463988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.57.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600889/; classtype:trojan-activity;sid:84463989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.255.172"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600887/; classtype:trojan-activity;sid:84463987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.245.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600886/; classtype:trojan-activity;sid:84463986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c4kpdz.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600885/; classtype:trojan-activity;sid:84463985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uardbenict_05/03.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600884/; classtype:trojan-activity;sid:84463984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47bpf0.sys"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600883/; classtype:trojan-activity;sid:84463983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.255.172"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600882/; classtype:trojan-activity;sid:84463982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9jky8l.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600881/; classtype:trojan-activity;sid:84463981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.192.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600880/; classtype:trojan-activity;sid:84463980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"117.31.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600879/; classtype:trojan-activity;sid:84463979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"117.31.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600878/; classtype:trojan-activity;sid:84463978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"117.31.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600875/; classtype:trojan-activity;sid:84463975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"117.31.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600876/; classtype:trojan-activity;sid:84463976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"117.31.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600877/; classtype:trojan-activity;sid:84463977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"117.31.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600874/; classtype:trojan-activity;sid:84463974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.37"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600869/; classtype:trojan-activity;sid:84463969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.16.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600868/; classtype:trojan-activity;sid:84463968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.1.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600867/; classtype:trojan-activity;sid:84463967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.173.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600865/; classtype:trojan-activity;sid:84463965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.34.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600866/; classtype:trojan-activity;sid:84463966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.75.43"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600864/; classtype:trojan-activity;sid:84463964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.223.116"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600863/; classtype:trojan-activity;sid:84463963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.sh4"; depth:16; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600862/; classtype:trojan-activity;sid:84463962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.arm6"; depth:17; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600861/; classtype:trojan-activity;sid:84463961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.spc"; depth:16; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600858/; classtype:trojan-activity;sid:84463958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.ppc"; depth:16; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600859/; classtype:trojan-activity;sid:84463959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.x86"; depth:16; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600860/; classtype:trojan-activity;sid:84463960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.mips"; depth:17; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600857/; classtype:trojan-activity;sid:84463957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.arm"; depth:16; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600856/; classtype:trojan-activity;sid:84463956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.m68k"; depth:17; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600852/; classtype:trojan-activity;sid:84463952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.arm5"; depth:17; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600853/; classtype:trojan-activity;sid:84463953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.arm7"; depth:17; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600854/; classtype:trojan-activity;sid:84463954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.mpsl"; depth:17; endswith; nocase; http.host; content:"192.159.99.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600855/; classtype:trojan-activity;sid:84463955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"193.233.165.232"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600850/; classtype:trojan-activity;sid:84463950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"18.209.31.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600851/; classtype:trojan-activity;sid:84463951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.179.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600849/; classtype:trojan-activity;sid:84463949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.182.95.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600848/; classtype:trojan-activity;sid:84463948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.217.16.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600845/; classtype:trojan-activity;sid:84463945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.45.88.126"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600846/; classtype:trojan-activity;sid:84463946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.110.130.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600847/; classtype:trojan-activity;sid:84463947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.147.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600844/; classtype:trojan-activity;sid:84463944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.197.252.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600842/; classtype:trojan-activity;sid:84463942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.152.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600843/; classtype:trojan-activity;sid:84463943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.185.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600840/; classtype:trojan-activity;sid:84463940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.81.96.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600841/; classtype:trojan-activity;sid:84463941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"27.68.54.6"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600835/; classtype:trojan-activity;sid:84463935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.142.217.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600836/; classtype:trojan-activity;sid:84463936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.75.128.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600837/; classtype:trojan-activity;sid:84463937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.182.122.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600838/; classtype:trojan-activity;sid:84463938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.203.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600839/; classtype:trojan-activity;sid:84463939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.170.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600832/; classtype:trojan-activity;sid:84463932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.34.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600833/; classtype:trojan-activity;sid:84463933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.157.28.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600834/; classtype:trojan-activity;sid:84463934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.23.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600831/; classtype:trojan-activity;sid:84463931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.223.116"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600830/; classtype:trojan-activity;sid:84463930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yufio"; depth:6; endswith; nocase; http.host; content:"lopakia1325a.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600829/; classtype:trojan-activity;sid:84463929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.86.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600828/; classtype:trojan-activity;sid:84463928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.i486"; depth:11; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600827/; classtype:trojan-activity;sid:84463927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.powerpc"; depth:14; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600808/; classtype:trojan-activity;sid:84463908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.mips"; depth:11; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600809/; classtype:trojan-activity;sid:84463909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv4l"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600810/; classtype:trojan-activity;sid:84463910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdi386"; depth:15; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600811/; classtype:trojan-activity;sid:84463911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.m68k"; depth:11; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600812/; classtype:trojan-activity;sid:84463912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.arc700"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600813/; classtype:trojan-activity;sid:84463913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.mipsel"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600814/; classtype:trojan-activity;sid:84463914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdarm64"; depth:16; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600815/; classtype:trojan-activity;sid:84463915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.x86_64"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600816/; classtype:trojan-activity;sid:84463916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.i586"; depth:11; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600817/; classtype:trojan-activity;sid:84463917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdamd64"; depth:16; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600818/; classtype:trojan-activity;sid:84463918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.sparc"; depth:12; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600819/; classtype:trojan-activity;sid:84463919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.i686"; depth:11; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600820/; classtype:trojan-activity;sid:84463920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv7l"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600821/; classtype:trojan-activity;sid:84463921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv5l"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600822/; classtype:trojan-activity;sid:84463922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdpowerpc"; depth:18; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600823/; classtype:trojan-activity;sid:84463923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.sh4"; depth:10; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600824/; classtype:trojan-activity;sid:84463924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv6l"; depth:13; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600825/; classtype:trojan-activity;sid:84463925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.powerpc-440fp"; depth:20; endswith; nocase; http.host; content:"74-194-191-52.htvlcmta01.com.dyn.suddenlink.net"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600826/; classtype:trojan-activity;sid:84463926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.powerpc"; depth:14; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600788/; classtype:trojan-activity;sid:84463888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv6l"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600789/; classtype:trojan-activity;sid:84463889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.sh4"; depth:10; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600790/; classtype:trojan-activity;sid:84463890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdamd64"; depth:16; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600791/; classtype:trojan-activity;sid:84463891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.mips"; depth:11; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600792/; classtype:trojan-activity;sid:84463892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.x86_64"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600793/; classtype:trojan-activity;sid:84463893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdi386"; depth:15; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600794/; classtype:trojan-activity;sid:84463894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.sparc"; depth:12; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600795/; classtype:trojan-activity;sid:84463895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.i686"; depth:11; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600796/; classtype:trojan-activity;sid:84463896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.mipsel"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600797/; classtype:trojan-activity;sid:84463897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.arc700"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600798/; classtype:trojan-activity;sid:84463898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv7l"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600799/; classtype:trojan-activity;sid:84463899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv4l"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600800/; classtype:trojan-activity;sid:84463900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdpowerpc"; depth:18; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600801/; classtype:trojan-activity;sid:84463901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.m68k"; depth:11; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600802/; classtype:trojan-activity;sid:84463902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.i486"; depth:11; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600803/; classtype:trojan-activity;sid:84463903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.i586"; depth:11; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600804/; classtype:trojan-activity;sid:84463904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.powerpc-440fp"; depth:20; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600805/; classtype:trojan-activity;sid:84463905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.armv5l"; depth:13; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600806/; classtype:trojan-activity;sid:84463906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo.fbsdarm64"; depth:16; endswith; nocase; http.host; content:"74.194.191.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600807/; classtype:trojan-activity;sid:84463907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.182.46.19"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600787/; classtype:trojan-activity;sid:84463887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/timer.jquery.js"; depth:19; endswith; nocase; http.host; content:"googletagamnager.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600786/; classtype:trojan-activity;sid:84463886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/timer.jquery.js"; depth:19; endswith; nocase; http.host; content:"bialball.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600785/; classtype:trojan-activity;sid:84463885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.93.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600784/; classtype:trojan-activity;sid:84463884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.88.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600783/; classtype:trojan-activity;sid:84463883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.23.142"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600782/; classtype:trojan-activity;sid:84463882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.19.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600781/; classtype:trojan-activity;sid:84463881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.37.119.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600780/; classtype:trojan-activity;sid:84463880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.74.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600777/; classtype:trojan-activity;sid:84463877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.239.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600778/; classtype:trojan-activity;sid:84463878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.1.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600779/; classtype:trojan-activity;sid:84463879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.250.142"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600776/; classtype:trojan-activity;sid:84463876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600775/; classtype:trojan-activity;sid:84463875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.100.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600774/; classtype:trojan-activity;sid:84463874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600773/; classtype:trojan-activity;sid:84463873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.124.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600771/; classtype:trojan-activity;sid:84463871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6887243549/b5qdslv.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600772/; classtype:trojan-activity;sid:84463872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600770/; classtype:trojan-activity;sid:84463870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.159.57"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600769/; classtype:trojan-activity;sid:84463869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.210.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600768/; classtype:trojan-activity;sid:84463868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.115.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600767/; classtype:trojan-activity;sid:84463867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_6ce89fee1d04446b8f852e7e08c9df85.txt"; depth:45; endswith; nocase; http.host; content:"smoke.infinityfree.me"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600766/; classtype:trojan-activity;sid:84463866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravenqx/qweqwe/releases/download/release/kapsamine.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600765/; classtype:trojan-activity;sid:84463865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravenqx/qweqwe/releases/download/release/shellmanager.exe"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600764/; classtype:trojan-activity;sid:84463864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravenqx/qweqwe/releases/download/release/launcher.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600763/; classtype:trojan-activity;sid:84463863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravenqx/qweqwe/releases/download/release/svchostst.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600762/; classtype:trojan-activity;sid:84463862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravenqx/qweqwe/releases/download/release/svchosts.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600761/; classtype:trojan-activity;sid:84463861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.124.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600760/; classtype:trojan-activity;sid:84463860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.230.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600758/; classtype:trojan-activity;sid:84463858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.180.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600759/; classtype:trojan-activity;sid:84463859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.142.205"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600757/; classtype:trojan-activity;sid:84463857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.8.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600756/; classtype:trojan-activity;sid:84463856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.150.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600755/; classtype:trojan-activity;sid:84463855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.180.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600754/; classtype:trojan-activity;sid:84463854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.4.106"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600753/; classtype:trojan-activity;sid:84463853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.8.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600752/; classtype:trojan-activity;sid:84463852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.123.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600751/; classtype:trojan-activity;sid:84463851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.203.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600750/; classtype:trojan-activity;sid:84463850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.228.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600749/; classtype:trojan-activity;sid:84463849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.37.123"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600748/; classtype:trojan-activity;sid:84463848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600747/; classtype:trojan-activity;sid:84463847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.4.106"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600746/; classtype:trojan-activity;sid:84463846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.117.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600745/; classtype:trojan-activity;sid:84463845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.73.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600744/; classtype:trojan-activity;sid:84463844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600743/; classtype:trojan-activity;sid:84463843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.243.140.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600742/; classtype:trojan-activity;sid:84463842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.32.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600741/; classtype:trojan-activity;sid:84463841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.32.96"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600740/; classtype:trojan-activity;sid:84463840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.3.41.112"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600739/; classtype:trojan-activity;sid:84463839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.0.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600738/; classtype:trojan-activity;sid:84463838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600737/; classtype:trojan-activity;sid:84463837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600735/; classtype:trojan-activity;sid:84463835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.4.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600736/; classtype:trojan-activity;sid:84463836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.4.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600734/; classtype:trojan-activity;sid:84463834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.231.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600733/; classtype:trojan-activity;sid:84463833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.123.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600732/; classtype:trojan-activity;sid:84463832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.146.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600730/; classtype:trojan-activity;sid:84463830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.32.96"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600731/; classtype:trojan-activity;sid:84463831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.34.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600729/; classtype:trojan-activity;sid:84463829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.168.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600727/; classtype:trojan-activity;sid:84463827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7720756496/biohu83.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600728/; classtype:trojan-activity;sid:84463828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600726/; classtype:trojan-activity;sid:84463826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.137.147.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600725/; classtype:trojan-activity;sid:84463825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.213.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600724/; classtype:trojan-activity;sid:84463824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.82.66"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600723/; classtype:trojan-activity;sid:84463823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.99.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600722/; classtype:trojan-activity;sid:84463822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600721/; classtype:trojan-activity;sid:84463821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfsa.exe"; depth:11; endswith; nocase; http.host; content:"figoura.ma"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600720/; classtype:trojan-activity;sid:84463820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.106.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600719/; classtype:trojan-activity;sid:84463819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.168.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600716/; classtype:trojan-activity;sid:84463816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.137.147.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600717/; classtype:trojan-activity;sid:84463817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.237.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600718/; classtype:trojan-activity;sid:84463818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.99.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600715/; classtype:trojan-activity;sid:84463815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600713/; classtype:trojan-activity;sid:84463813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600714/; classtype:trojan-activity;sid:84463814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600703/; classtype:trojan-activity;sid:84463803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600704/; classtype:trojan-activity;sid:84463804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600705/; classtype:trojan-activity;sid:84463805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600706/; classtype:trojan-activity;sid:84463806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600707/; classtype:trojan-activity;sid:84463807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600708/; classtype:trojan-activity;sid:84463808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600709/; classtype:trojan-activity;sid:84463809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600710/; classtype:trojan-activity;sid:84463810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600711/; classtype:trojan-activity;sid:84463811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600712/; classtype:trojan-activity;sid:84463812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600701/; classtype:trojan-activity;sid:84463801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600702/; classtype:trojan-activity;sid:84463802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600699/; classtype:trojan-activity;sid:84463799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600700/; classtype:trojan-activity;sid:84463800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600697/; classtype:trojan-activity;sid:84463797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600698/; classtype:trojan-activity;sid:84463798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600696/; classtype:trojan-activity;sid:84463796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600693/; classtype:trojan-activity;sid:84463793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600694/; classtype:trojan-activity;sid:84463794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"176.65.148.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600695/; classtype:trojan-activity;sid:84463795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600687/; classtype:trojan-activity;sid:84463787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600688/; classtype:trojan-activity;sid:84463788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600689/; classtype:trojan-activity;sid:84463789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600690/; classtype:trojan-activity;sid:84463790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600691/; classtype:trojan-activity;sid:84463791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"176.65.148.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600692/; classtype:trojan-activity;sid:84463792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.86.15"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600686/; classtype:trojan-activity;sid:84463786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.12.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600685/; classtype:trojan-activity;sid:84463785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.106.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600684/; classtype:trojan-activity;sid:84463784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.108.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600682/; classtype:trojan-activity;sid:84463782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.108.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600683/; classtype:trojan-activity;sid:84463783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.254.235"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600681/; classtype:trojan-activity;sid:84463781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.133.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600680/; classtype:trojan-activity;sid:84463780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.243.68"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600679/; classtype:trojan-activity;sid:84463779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.224.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600678/; classtype:trojan-activity;sid:84463778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600677/; classtype:trojan-activity;sid:84463777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.208.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600676/; classtype:trojan-activity;sid:84463776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.12.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600675/; classtype:trojan-activity;sid:84463775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/892962105/updoavi.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600674/; classtype:trojan-activity;sid:84463774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.133.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600673/; classtype:trojan-activity;sid:84463773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600672/; classtype:trojan-activity;sid:84463772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.81.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600671/; classtype:trojan-activity;sid:84463771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.143"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600670/; classtype:trojan-activity;sid:84463770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.0.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600669/; classtype:trojan-activity;sid:84463769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600666/; classtype:trojan-activity;sid:84463766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.82.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600667/; classtype:trojan-activity;sid:84463767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.8.173.146"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600668/; classtype:trojan-activity;sid:84463768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600665/; classtype:trojan-activity;sid:84463765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.142.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600664/; classtype:trojan-activity;sid:84463764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.175.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600663/; classtype:trojan-activity;sid:84463763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.88.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600660/; classtype:trojan-activity;sid:84463760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.38.99"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600661/; classtype:trojan-activity;sid:84463761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.142.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600662/; classtype:trojan-activity;sid:84463762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600659/; classtype:trojan-activity;sid:84463759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.220.253"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600658/; classtype:trojan-activity;sid:84463758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.224.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600657/; classtype:trojan-activity;sid:84463757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.190.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600656/; classtype:trojan-activity;sid:84463756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.82.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600655/; classtype:trojan-activity;sid:84463755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.0.48.127"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600654/; classtype:trojan-activity;sid:84463754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.35.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600653/; classtype:trojan-activity;sid:84463753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/balc.jpg"; depth:9; endswith; nocase; http.host; content:"streamcache.site"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600651/; classtype:trojan-activity;sid:84463751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6805932958/jrboh9k.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600652/; classtype:trojan-activity;sid:84463752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.m68k"; depth:17; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600650/; classtype:trojan-activity;sid:84463750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.sh4"; depth:16; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600645/; classtype:trojan-activity;sid:84463745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.mips"; depth:17; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600646/; classtype:trojan-activity;sid:84463746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.arm"; depth:16; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600647/; classtype:trojan-activity;sid:84463747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.ppc"; depth:16; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600648/; classtype:trojan-activity;sid:84463748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.m68k"; depth:13; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600649/; classtype:trojan-activity;sid:84463749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.mpsl"; depth:17; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600638/; classtype:trojan-activity;sid:84463738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.arm7"; depth:17; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600639/; classtype:trojan-activity;sid:84463739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600640/; classtype:trojan-activity;sid:84463740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600641/; classtype:trojan-activity;sid:84463741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.x86_64"; depth:19; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600642/; classtype:trojan-activity;sid:84463742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.arm5"; depth:17; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600643/; classtype:trojan-activity;sid:84463743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.arm6"; depth:17; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600644/; classtype:trojan-activity;sid:84463744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.mpsl"; depth:13; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600625/; classtype:trojan-activity;sid:84463725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.arm5"; depth:13; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600626/; classtype:trojan-activity;sid:84463726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.sh4"; depth:12; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600627/; classtype:trojan-activity;sid:84463727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.arm"; depth:12; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600628/; classtype:trojan-activity;sid:84463728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.arm7"; depth:13; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600629/; classtype:trojan-activity;sid:84463729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.x86"; depth:12; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600630/; classtype:trojan-activity;sid:84463730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600631/; classtype:trojan-activity;sid:84463731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.mips"; depth:13; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600632/; classtype:trojan-activity;sid:84463732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.ppc"; depth:12; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600633/; classtype:trojan-activity;sid:84463733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.x86_64"; depth:15; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600634/; classtype:trojan-activity;sid:84463734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/villain.arm6"; depth:13; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600635/; classtype:trojan-activity;sid:84463735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/example.sh"; depth:15; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600636/; classtype:trojan-activity;sid:84463736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmo/villain.x86"; depth:16; endswith; nocase; http.host; content:"103.149.177.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600637/; classtype:trojan-activity;sid:84463737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.56.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600624/; classtype:trojan-activity;sid:84463724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.220.253"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600622/; classtype:trojan-activity;sid:84463722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1229664666/13topur.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600620/; classtype:trojan-activity;sid:84463720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j.bin"; depth:6; endswith; nocase; http.host; content:"80.249.146.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600619/; classtype:trojan-activity;sid:84463719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g2.bin"; depth:7; endswith; nocase; http.host; content:"80.249.146.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600614/; classtype:trojan-activity;sid:84463714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sweet.bin"; depth:10; endswith; nocase; http.host; content:"80.249.146.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600615/; classtype:trojan-activity;sid:84463715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7983438838/yxpuodx.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600616/; classtype:trojan-activity;sid:84463716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.bin"; depth:6; endswith; nocase; http.host; content:"80.249.146.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600617/; classtype:trojan-activity;sid:84463717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r_o.exe"; depth:8; endswith; nocase; http.host; content:"80.249.146.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600618/; classtype:trojan-activity;sid:84463718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.0.48.127"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600602/; classtype:trojan-activity;sid:84463702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.35.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600601/; classtype:trojan-activity;sid:84463701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.arm7"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600597/; classtype:trojan-activity;sid:84463697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600598/; classtype:trojan-activity;sid:84463698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600599/; classtype:trojan-activity;sid:84463699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.arm6"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600600/; classtype:trojan-activity;sid:84463700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600596/; classtype:trojan-activity;sid:84463696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600590/; classtype:trojan-activity;sid:84463690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/example.sh"; depth:11; endswith; nocase; http.host; content:"196.251.73.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600591/; classtype:trojan-activity;sid:84463691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600592/; classtype:trojan-activity;sid:84463692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm4"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600593/; classtype:trojan-activity;sid:84463693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600594/; classtype:trojan-activity;sid:84463694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600595/; classtype:trojan-activity;sid:84463695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600577/; classtype:trojan-activity;sid:84463677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sparc"; depth:11; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600578/; classtype:trojan-activity;sid:84463678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.arm"; depth:14; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600579/; classtype:trojan-activity;sid:84463679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600580/; classtype:trojan-activity;sid:84463680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600581/; classtype:trojan-activity;sid:84463681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.i686"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600582/; classtype:trojan-activity;sid:84463682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600583/; classtype:trojan-activity;sid:84463683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600584/; classtype:trojan-activity;sid:84463684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.mips"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600585/; classtype:trojan-activity;sid:84463685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.mpsl"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600586/; classtype:trojan-activity;sid:84463686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.x86"; depth:14; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600587/; classtype:trojan-activity;sid:84463687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.arm5"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600588/; classtype:trojan-activity;sid:84463688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.ppc"; depth:14; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600589/; classtype:trojan-activity;sid:84463689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600576/; classtype:trojan-activity;sid:84463676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips64"; depth:40; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600572/; classtype:trojan-activity;sid:84463672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0c748b9e8bc6b5b4/proc.bin"; depth:26; endswith; nocase; http.host; content:"cdn.tempfile.pro"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600573/; classtype:trojan-activity;sid:84463673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.sh4"; depth:14; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600574/; classtype:trojan-activity;sid:84463674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.m68k"; depth:15; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600575/; classtype:trojan-activity;sid:84463675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600564/; classtype:trojan-activity;sid:84463664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600565/; classtype:trojan-activity;sid:84463665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600566/; classtype:trojan-activity;sid:84463666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sparc"; depth:39; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600567/; classtype:trojan-activity;sid:84463667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.spc"; depth:14; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600568/; classtype:trojan-activity;sid:84463668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600569/; classtype:trojan-activity;sid:84463669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/meihao.arc"; depth:14; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600570/; classtype:trojan-activity;sid:84463670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600571/; classtype:trojan-activity;sid:84463671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.i468"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600557/; classtype:trojan-activity;sid:84463657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.i468"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600558/; classtype:trojan-activity;sid:84463658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600559/; classtype:trojan-activity;sid:84463659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600560/; classtype:trojan-activity;sid:84463660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600561/; classtype:trojan-activity;sid:84463661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600562/; classtype:trojan-activity;sid:84463662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600563/; classtype:trojan-activity;sid:84463663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600545/; classtype:trojan-activity;sid:84463645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/selfsa.exe"; depth:20; endswith; nocase; http.host; content:"eset-black.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600544/; classtype:trojan-activity;sid:84463644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.61.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600543/; classtype:trojan-activity;sid:84463643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.105.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600542/; classtype:trojan-activity;sid:84463642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ksamre.exe"; depth:11; endswith; nocase; http.host; content:"141.98.6.130"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600541/; classtype:trojan-activity;sid:84463641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.164.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600540/; classtype:trojan-activity;sid:84463640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.78.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600539/; classtype:trojan-activity;sid:84463639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.76.171"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600538/; classtype:trojan-activity;sid:84463638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.61.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600537/; classtype:trojan-activity;sid:84463637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.105.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600536/; classtype:trojan-activity;sid:84463636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.mips"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600535/; classtype:trojan-activity;sid:84463635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.arm"; depth:13; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600534/; classtype:trojan-activity;sid:84463634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.arm7"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600533/; classtype:trojan-activity;sid:84463633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.arm6"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600527/; classtype:trojan-activity;sid:84463627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.arm5"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600528/; classtype:trojan-activity;sid:84463628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.sh4"; depth:13; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600529/; classtype:trojan-activity;sid:84463629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.ppc"; depth:13; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600530/; classtype:trojan-activity;sid:84463630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.x86_64"; depth:16; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600531/; classtype:trojan-activity;sid:84463631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ssh.mpsl"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600532/; classtype:trojan-activity;sid:84463632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.rsysl"; depth:12; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600524/; classtype:trojan-activity;sid:84463624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.ksysd"; depth:12; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600525/; classtype:trojan-activity;sid:84463625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/top1miku.i686"; depth:19; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600526/; classtype:trojan-activity;sid:84463626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.235.148.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600523/; classtype:trojan-activity;sid:84463623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.klogd"; depth:12; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600521/; classtype:trojan-activity;sid:84463621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.181"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600522/; classtype:trojan-activity;sid:84463622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/top1miku.arc"; depth:18; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600511/; classtype:trojan-activity;sid:84463611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.upstart"; depth:14; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600512/; classtype:trojan-activity;sid:84463612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.syncd"; depth:12; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600513/; classtype:trojan-activity;sid:84463613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.irqbal"; depth:13; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600514/; classtype:trojan-activity;sid:84463614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.systemd-jd"; depth:17; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600515/; classtype:trojan-activity;sid:84463615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.kthreadd"; depth:15; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600516/; classtype:trojan-activity;sid:84463616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.netd"; depth:11; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600517/; classtype:trojan-activity;sid:84463617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.dbusd"; depth:12; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600518/; classtype:trojan-activity;sid:84463618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.udevmon"; depth:14; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600519/; classtype:trojan-activity;sid:84463619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.modprobe"; depth:15; endswith; nocase; http.host; content:"89.42.88.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600520/; classtype:trojan-activity;sid:84463620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/litesigner.exe"; depth:15; endswith; nocase; http.host; content:"pub-524ff5e58eb84c258a759668f92a8064.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600510/; classtype:trojan-activity;sid:84463610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cnc"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600509/; classtype:trojan-activity;sid:84463609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/huawei"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600508/; classtype:trojan-activity;sid:84463608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.109.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600507/; classtype:trojan-activity;sid:84463607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scan.x86"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600504/; classtype:trojan-activity;sid:84463604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh"; depth:8; endswith; nocase; http.host; content:"176.65.149.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600505/; classtype:trojan-activity;sid:84463605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600506/; classtype:trojan-activity;sid:84463606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/random.exe"; depth:16; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600502/; classtype:trojan-activity;sid:84463602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scan.x32"; depth:14; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600503/; classtype:trojan-activity;sid:84463603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.mpsl"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600488/; classtype:trojan-activity;sid:84463588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1346363761/yaqnzys.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600489/; classtype:trojan-activity;sid:84463589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.x86"; depth:16; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600490/; classtype:trojan-activity;sid:84463590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600491/; classtype:trojan-activity;sid:84463591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.x86_64"; depth:19; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600492/; classtype:trojan-activity;sid:84463592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.m68k"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600493/; classtype:trojan-activity;sid:84463593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm6"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600494/; classtype:trojan-activity;sid:84463594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600495/; classtype:trojan-activity;sid:84463595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600496/; classtype:trojan-activity;sid:84463596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm5"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600497/; classtype:trojan-activity;sid:84463597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600498/; classtype:trojan-activity;sid:84463598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.mips"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600499/; classtype:trojan-activity;sid:84463599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.ppc"; depth:16; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600500/; classtype:trojan-activity;sid:84463600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm"; depth:16; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600501/; classtype:trojan-activity;sid:84463601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/934727036/sk0ibfl.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600485/; classtype:trojan-activity;sid:84463585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.spc"; depth:16; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600486/; classtype:trojan-activity;sid:84463586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.sh4"; depth:16; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600487/; classtype:trojan-activity;sid:84463587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1171504772/fsjfoyq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600484/; classtype:trojan-activity;sid:84463584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm7"; depth:17; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600483/; classtype:trojan-activity;sid:84463583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600482/; classtype:trojan-activity;sid:84463582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"103.69.97.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600480/; classtype:trojan-activity;sid:84463580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7004780480/t8yocvp.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600477/; classtype:trojan-activity;sid:84463577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7720756496/bgxie5v.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600478/; classtype:trojan-activity;sid:84463578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7687975642/lxbldo2.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600479/; classtype:trojan-activity;sid:84463579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.78.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600476/; classtype:trojan-activity;sid:84463576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.76.171"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600475/; classtype:trojan-activity;sid:84463575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.101.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600474/; classtype:trojan-activity;sid:84463574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.33.12"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600473/; classtype:trojan-activity;sid:84463573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.109.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600472/; classtype:trojan-activity;sid:84463572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.11.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600471/; classtype:trojan-activity;sid:84463571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.92.176"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600470/; classtype:trojan-activity;sid:84463570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.200.17.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600469/; classtype:trojan-activity;sid:84463569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.74.180"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600467/; classtype:trojan-activity;sid:84463567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600468/; classtype:trojan-activity;sid:84463568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.26.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600466/; classtype:trojan-activity;sid:84463566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.101.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600465/; classtype:trojan-activity;sid:84463565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600464/; classtype:trojan-activity;sid:84463564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.182.104"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600463/; classtype:trojan-activity;sid:84463563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.149.53"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600462/; classtype:trojan-activity;sid:84463562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600461/; classtype:trojan-activity;sid:84463561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.74.180"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600460/; classtype:trojan-activity;sid:84463560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600459/; classtype:trojan-activity;sid:84463559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.140.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600458/; classtype:trojan-activity;sid:84463558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.33.12"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600457/; classtype:trojan-activity;sid:84463557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.231.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600456/; classtype:trojan-activity;sid:84463556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.89.59"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600455/; classtype:trojan-activity;sid:84463555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.140.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600454/; classtype:trojan-activity;sid:84463554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.115.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600453/; classtype:trojan-activity;sid:84463553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.227.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600452/; classtype:trojan-activity;sid:84463552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.89.59"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600451/; classtype:trojan-activity;sid:84463551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.31.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600450/; classtype:trojan-activity;sid:84463550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.14.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600449/; classtype:trojan-activity;sid:84463549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.40.240.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600448/; classtype:trojan-activity;sid:84463548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.251.98.109"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600447/; classtype:trojan-activity;sid:84463547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.31.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600446/; classtype:trojan-activity;sid:84463546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.40.240.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600445/; classtype:trojan-activity;sid:84463545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.231.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600444/; classtype:trojan-activity;sid:84463544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.239.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600443/; classtype:trojan-activity;sid:84463543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.147.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600442/; classtype:trojan-activity;sid:84463542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.24.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600440/; classtype:trojan-activity;sid:84463540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.41.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600441/; classtype:trojan-activity;sid:84463541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.253.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600439/; classtype:trojan-activity;sid:84463539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.155.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600438/; classtype:trojan-activity;sid:84463538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.52.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600437/; classtype:trojan-activity;sid:84463537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.50.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600436/; classtype:trojan-activity;sid:84463536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.24.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600435/; classtype:trojan-activity;sid:84463535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.14.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600434/; classtype:trojan-activity;sid:84463534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.155.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600433/; classtype:trojan-activity;sid:84463533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.149.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600432/; classtype:trojan-activity;sid:84463532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.208.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600431/; classtype:trojan-activity;sid:84463531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600430/; classtype:trojan-activity;sid:84463530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600423/; classtype:trojan-activity;sid:84463523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600424/; classtype:trojan-activity;sid:84463524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600425/; classtype:trojan-activity;sid:84463525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600426/; classtype:trojan-activity;sid:84463526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600427/; classtype:trojan-activity;sid:84463527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600428/; classtype:trojan-activity;sid:84463528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600429/; classtype:trojan-activity;sid:84463529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.8.227.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600419/; classtype:trojan-activity;sid:84463519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600420/; classtype:trojan-activity;sid:84463520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600421/; classtype:trojan-activity;sid:84463521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"185.194.177.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600422/; classtype:trojan-activity;sid:84463522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.41.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600418/; classtype:trojan-activity;sid:84463518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.147.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600417/; classtype:trojan-activity;sid:84463517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.198.140.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600416/; classtype:trojan-activity;sid:84463516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.50.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600415/; classtype:trojan-activity;sid:84463515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.15.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600413/; classtype:trojan-activity;sid:84463513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.76.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600414/; classtype:trojan-activity;sid:84463514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600412/; classtype:trojan-activity;sid:84463512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.14.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600411/; classtype:trojan-activity;sid:84463511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600410/; classtype:trojan-activity;sid:84463510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.8.224.147"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600409/; classtype:trojan-activity;sid:84463509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.76.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600408/; classtype:trojan-activity;sid:84463508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.140.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600407/; classtype:trojan-activity;sid:84463507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.115.104"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600406/; classtype:trojan-activity;sid:84463506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.245.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600405/; classtype:trojan-activity;sid:84463505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600404/; classtype:trojan-activity;sid:84463504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.227.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600403/; classtype:trojan-activity;sid:84463503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600401/; classtype:trojan-activity;sid:84463501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.10.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600402/; classtype:trojan-activity;sid:84463502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.15.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600400/; classtype:trojan-activity;sid:84463500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.23.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600399/; classtype:trojan-activity;sid:84463499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600398/; classtype:trojan-activity;sid:84463498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.156.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600397/; classtype:trojan-activity;sid:84463497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.23.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600396/; classtype:trojan-activity;sid:84463496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.116.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600395/; classtype:trojan-activity;sid:84463495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.156.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600394/; classtype:trojan-activity;sid:84463494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.32.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600393/; classtype:trojan-activity;sid:84463493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.64.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600392/; classtype:trojan-activity;sid:84463492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.10.157"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600391/; classtype:trojan-activity;sid:84463491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.200.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600390/; classtype:trojan-activity;sid:84463490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.119.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600389/; classtype:trojan-activity;sid:84463489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.45.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600388/; classtype:trojan-activity;sid:84463488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.231.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600387/; classtype:trojan-activity;sid:84463487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.64.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600386/; classtype:trojan-activity;sid:84463486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.109.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600385/; classtype:trojan-activity;sid:84463485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.45.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600384/; classtype:trojan-activity;sid:84463484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.246.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600383/; classtype:trojan-activity;sid:84463483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.237"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600382/; classtype:trojan-activity;sid:84463482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.26.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600381/; classtype:trojan-activity;sid:84463481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.237.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600380/; classtype:trojan-activity;sid:84463480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.231.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600379/; classtype:trojan-activity;sid:84463479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.253.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600378/; classtype:trojan-activity;sid:84463478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.109.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600377/; classtype:trojan-activity;sid:84463477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.9.196"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600376/; classtype:trojan-activity;sid:84463476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.237"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600375/; classtype:trojan-activity;sid:84463475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.197.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600374/; classtype:trojan-activity;sid:84463474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600373/; classtype:trojan-activity;sid:84463473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.9.196"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600372/; classtype:trojan-activity;sid:84463472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.216.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600371/; classtype:trojan-activity;sid:84463471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.130.208.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600370/; classtype:trojan-activity;sid:84463470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.130.208.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600369/; classtype:trojan-activity;sid:84463469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.223.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600368/; classtype:trojan-activity;sid:84463468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.105.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600367/; classtype:trojan-activity;sid:84463467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.118.166"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600366/; classtype:trojan-activity;sid:84463466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.180.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600365/; classtype:trojan-activity;sid:84463465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.9.224"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600364/; classtype:trojan-activity;sid:84463464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600363/; classtype:trojan-activity;sid:84463463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600362/; classtype:trojan-activity;sid:84463462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600359/; classtype:trojan-activity;sid:84463459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600360/; classtype:trojan-activity;sid:84463460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600361/; classtype:trojan-activity;sid:84463461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600358/; classtype:trojan-activity;sid:84463458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600355/; classtype:trojan-activity;sid:84463455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600356/; classtype:trojan-activity;sid:84463456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600357/; classtype:trojan-activity;sid:84463457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600348/; classtype:trojan-activity;sid:84463448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600349/; classtype:trojan-activity;sid:84463449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600350/; classtype:trojan-activity;sid:84463450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600351/; classtype:trojan-activity;sid:84463451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600352/; classtype:trojan-activity;sid:84463452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600353/; classtype:trojan-activity;sid:84463453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600354/; classtype:trojan-activity;sid:84463454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600341/; classtype:trojan-activity;sid:84463441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600342/; classtype:trojan-activity;sid:84463442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600343/; classtype:trojan-activity;sid:84463443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600344/; classtype:trojan-activity;sid:84463444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600345/; classtype:trojan-activity;sid:84463445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"196.251.114.207"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600346/; classtype:trojan-activity;sid:84463446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"196.251.118.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600347/; classtype:trojan-activity;sid:84463447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.9.224"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600340/; classtype:trojan-activity;sid:84463440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.65.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600339/; classtype:trojan-activity;sid:84463439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.223.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600338/; classtype:trojan-activity;sid:84463438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.230.141.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600337/; classtype:trojan-activity;sid:84463437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.242.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600336/; classtype:trojan-activity;sid:84463436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.244.36.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600335/; classtype:trojan-activity;sid:84463435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.250.142"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600334/; classtype:trojan-activity;sid:84463434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.65.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600333/; classtype:trojan-activity;sid:84463433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.230.141.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600332/; classtype:trojan-activity;sid:84463432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.244.36.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600331/; classtype:trojan-activity;sid:84463431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.210.48"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600330/; classtype:trojan-activity;sid:84463430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.207.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600329/; classtype:trojan-activity;sid:84463429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.210.48"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600328/; classtype:trojan-activity;sid:84463428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600327/; classtype:trojan-activity;sid:84463427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.218.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600326/; classtype:trojan-activity;sid:84463426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600324/; classtype:trojan-activity;sid:84463424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.105.76.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600325/; classtype:trojan-activity;sid:84463425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.208.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600323/; classtype:trojan-activity;sid:84463423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.207.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600322/; classtype:trojan-activity;sid:84463422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.56.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600321/; classtype:trojan-activity;sid:84463421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.208.251"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600320/; classtype:trojan-activity;sid:84463420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.173.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600319/; classtype:trojan-activity;sid:84463419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.81.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600318/; classtype:trojan-activity;sid:84463418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600317/; classtype:trojan-activity;sid:84463417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.230.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600316/; classtype:trojan-activity;sid:84463416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.81.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600315/; classtype:trojan-activity;sid:84463415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600314/; classtype:trojan-activity;sid:84463414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.87.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600313/; classtype:trojan-activity;sid:84463413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600312/; classtype:trojan-activity;sid:84463412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600296/; classtype:trojan-activity;sid:84463396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; depth:40; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600297/; classtype:trojan-activity;sid:84463397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600298/; classtype:trojan-activity;sid:84463398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; depth:37; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600299/; classtype:trojan-activity;sid:84463399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600300/; classtype:trojan-activity;sid:84463400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600301/; classtype:trojan-activity;sid:84463401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600302/; classtype:trojan-activity;sid:84463402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; depth:37; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600303/; classtype:trojan-activity;sid:84463403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; depth:37; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600304/; classtype:trojan-activity;sid:84463404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; depth:37; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600305/; classtype:trojan-activity;sid:84463405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600306/; classtype:trojan-activity;sid:84463406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; depth:37; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600307/; classtype:trojan-activity;sid:84463407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; depth:37; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600308/; classtype:trojan-activity;sid:84463408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600309/; classtype:trojan-activity;sid:84463409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; depth:38; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600310/; classtype:trojan-activity;sid:84463410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"157.15.124.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600311/; classtype:trojan-activity;sid:84463411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600291/; classtype:trojan-activity;sid:84463391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600292/; classtype:trojan-activity;sid:84463392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600293/; classtype:trojan-activity;sid:84463393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600294/; classtype:trojan-activity;sid:84463394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600295/; classtype:trojan-activity;sid:84463395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600290/; classtype:trojan-activity;sid:84463390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600286/; classtype:trojan-activity;sid:84463386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600287/; classtype:trojan-activity;sid:84463387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600288/; classtype:trojan-activity;sid:84463388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"31.42.188.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600289/; classtype:trojan-activity;sid:84463389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"115.187.17.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600285/; classtype:trojan-activity;sid:84463385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"185.196.10.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600284/; classtype:trojan-activity;sid:84463384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.156.168.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600283/; classtype:trojan-activity;sid:84463383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"60.204.198.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600282/; classtype:trojan-activity;sid:84463382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"60.204.198.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600281/; classtype:trojan-activity;sid:84463381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.88.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600280/; classtype:trojan-activity;sid:84463380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.165.174.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600279/; classtype:trojan-activity;sid:84463379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.130.138.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600261/; classtype:trojan-activity;sid:84463361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.253.154.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600262/; classtype:trojan-activity;sid:84463362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.23.236.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600263/; classtype:trojan-activity;sid:84463363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.247.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600264/; classtype:trojan-activity;sid:84463364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.74.179.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600265/; classtype:trojan-activity;sid:84463365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.165.174.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600266/; classtype:trojan-activity;sid:84463366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.157.28.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600267/; classtype:trojan-activity;sid:84463367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.249.245.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600268/; classtype:trojan-activity;sid:84463368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.161.243.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600269/; classtype:trojan-activity;sid:84463369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.54.49.222"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600270/; classtype:trojan-activity;sid:84463370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"181.200.10.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600271/; classtype:trojan-activity;sid:84463371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.216.71.2"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600272/; classtype:trojan-activity;sid:84463372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.43.123.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600273/; classtype:trojan-activity;sid:84463373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.244.193.241"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600274/; classtype:trojan-activity;sid:84463374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.100.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600275/; classtype:trojan-activity;sid:84463375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"189.222.50.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600276/; classtype:trojan-activity;sid:84463376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600277/; classtype:trojan-activity;sid:84463377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.235.214.13"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600278/; classtype:trojan-activity;sid:84463378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.139.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600255/; classtype:trojan-activity;sid:84463355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.149.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600256/; classtype:trojan-activity;sid:84463356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.179.97.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600257/; classtype:trojan-activity;sid:84463357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.247.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600258/; classtype:trojan-activity;sid:84463358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.91.3.151"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600259/; classtype:trojan-activity;sid:84463359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.247.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600260/; classtype:trojan-activity;sid:84463360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.171.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600251/; classtype:trojan-activity;sid:84463351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.18.186.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600252/; classtype:trojan-activity;sid:84463352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"94.44.82.3"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600253/; classtype:trojan-activity;sid:84463353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.165.113.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600254/; classtype:trojan-activity;sid:84463354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.234.167.200"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600250/; classtype:trojan-activity;sid:84463350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.142.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600249/; classtype:trojan-activity;sid:84463349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.57.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600248/; classtype:trojan-activity;sid:84463348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.87.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600247/; classtype:trojan-activity;sid:84463347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.197.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600246/; classtype:trojan-activity;sid:84463346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.142.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600245/; classtype:trojan-activity;sid:84463345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.19.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600244/; classtype:trojan-activity;sid:84463344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.166"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600243/; classtype:trojan-activity;sid:84463343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.149.127"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600242/; classtype:trojan-activity;sid:84463342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.189.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600241/; classtype:trojan-activity;sid:84463341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.80.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600240/; classtype:trojan-activity;sid:84463340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.13.158"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600239/; classtype:trojan-activity;sid:84463339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.191.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600237/; classtype:trojan-activity;sid:84463337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.166"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600238/; classtype:trojan-activity;sid:84463338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.103.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600236/; classtype:trojan-activity;sid:84463336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.38.208"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600235/; classtype:trojan-activity;sid:84463335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.149.127"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600234/; classtype:trojan-activity;sid:84463334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600233/; classtype:trojan-activity;sid:84463333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.103.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600232/; classtype:trojan-activity;sid:84463332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.191.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600231/; classtype:trojan-activity;sid:84463331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.38.208"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600230/; classtype:trojan-activity;sid:84463330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600229/; classtype:trojan-activity;sid:84463329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600227/; classtype:trojan-activity;sid:84463327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600228/; classtype:trojan-activity;sid:84463328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600219/; classtype:trojan-activity;sid:84463319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600220/; classtype:trojan-activity;sid:84463320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600221/; classtype:trojan-activity;sid:84463321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600222/; classtype:trojan-activity;sid:84463322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600223/; classtype:trojan-activity;sid:84463323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600224/; classtype:trojan-activity;sid:84463324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600225/; classtype:trojan-activity;sid:84463325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600226/; classtype:trojan-activity;sid:84463326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600214/; classtype:trojan-activity;sid:84463314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600215/; classtype:trojan-activity;sid:84463315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600216/; classtype:trojan-activity;sid:84463316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600217/; classtype:trojan-activity;sid:84463317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"193.46.255.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600218/; classtype:trojan-activity;sid:84463318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600209/; classtype:trojan-activity;sid:84463309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600210/; classtype:trojan-activity;sid:84463310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600211/; classtype:trojan-activity;sid:84463311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600212/; classtype:trojan-activity;sid:84463312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"144.172.106.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600213/; classtype:trojan-activity;sid:84463313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.124.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600208/; classtype:trojan-activity;sid:84463308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.32.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600207/; classtype:trojan-activity;sid:84463307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.201.47"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600206/; classtype:trojan-activity;sid:84463306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600205/; classtype:trojan-activity;sid:84463305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.102.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600204/; classtype:trojan-activity;sid:84463304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.81.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600203/; classtype:trojan-activity;sid:84463303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.83.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600202/; classtype:trojan-activity;sid:84463302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.89.17"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600201/; classtype:trojan-activity;sid:84463301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.95.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600200/; classtype:trojan-activity;sid:84463300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.222.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600199/; classtype:trojan-activity;sid:84463299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.83.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600198/; classtype:trojan-activity;sid:84463298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.24.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600197/; classtype:trojan-activity;sid:84463297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv4l"; depth:11; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600195/; classtype:trojan-activity;sid:84463295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i586"; depth:9; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600196/; classtype:trojan-activity;sid:84463296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv6l"; depth:11; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600193/; classtype:trojan-activity;sid:84463293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv5l"; depth:11; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600194/; classtype:trojan-activity;sid:84463294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.51.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600192/; classtype:trojan-activity;sid:84463292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.3.99"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600191/; classtype:trojan-activity;sid:84463291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv7l"; depth:11; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600187/; classtype:trojan-activity;sid:84463287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600188/; classtype:trojan-activity;sid:84463288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600189/; classtype:trojan-activity;sid:84463289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600190/; classtype:trojan-activity;sid:84463290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.206.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600186/; classtype:trojan-activity;sid:84463286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.117.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600185/; classtype:trojan-activity;sid:84463285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.215.199"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600184/; classtype:trojan-activity;sid:84463284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.124.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600183/; classtype:trojan-activity;sid:84463283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.254.1"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600182/; classtype:trojan-activity;sid:84463282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600181/; classtype:trojan-activity;sid:84463281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.222.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600180/; classtype:trojan-activity;sid:84463280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.176.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600179/; classtype:trojan-activity;sid:84463279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.176.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600178/; classtype:trojan-activity;sid:84463278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.46.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600177/; classtype:trojan-activity;sid:84463277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.181.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600176/; classtype:trojan-activity;sid:84463276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.123.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600175/; classtype:trojan-activity;sid:84463275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.65.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600174/; classtype:trojan-activity;sid:84463274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600173/; classtype:trojan-activity;sid:84463273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.181.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600172/; classtype:trojan-activity;sid:84463272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.179"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600171/; classtype:trojan-activity;sid:84463271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.226.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600170/; classtype:trojan-activity;sid:84463270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.24.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600169/; classtype:trojan-activity;sid:84463269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.65.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600168/; classtype:trojan-activity;sid:84463268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.123.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600167/; classtype:trojan-activity;sid:84463267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600166/; classtype:trojan-activity;sid:84463266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.249.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600165/; classtype:trojan-activity;sid:84463265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.exe"; depth:8; endswith; nocase; http.host; content:"77.90.153.62"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600164/; classtype:trojan-activity;sid:84463264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600163/; classtype:trojan-activity;sid:84463263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"176.46.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600162/; classtype:trojan-activity;sid:84463262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.253"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600161/; classtype:trojan-activity;sid:84463261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm7"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600159/; classtype:trojan-activity;sid:84463259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.ppc"; depth:15; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600160/; classtype:trojan-activity;sid:84463260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7956683102/tvmobbr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600158/; classtype:trojan-activity;sid:84463258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600157/; classtype:trojan-activity;sid:84463257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600156/; classtype:trojan-activity;sid:84463256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600151/; classtype:trojan-activity;sid:84463251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600152/; classtype:trojan-activity;sid:84463252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600153/; classtype:trojan-activity;sid:84463253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arc"; depth:15; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600154/; classtype:trojan-activity;sid:84463254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600155/; classtype:trojan-activity;sid:84463255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600150/; classtype:trojan-activity;sid:84463250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600142/; classtype:trojan-activity;sid:84463242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600143/; classtype:trojan-activity;sid:84463243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600144/; classtype:trojan-activity;sid:84463244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600145/; classtype:trojan-activity;sid:84463245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600146/; classtype:trojan-activity;sid:84463246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600147/; classtype:trojan-activity;sid:84463247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600148/; classtype:trojan-activity;sid:84463248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600149/; classtype:trojan-activity;sid:84463249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"185.132.53.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600138/; classtype:trojan-activity;sid:84463238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm"; depth:15; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600139/; classtype:trojan-activity;sid:84463239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm5"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600140/; classtype:trojan-activity;sid:84463240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/debug"; depth:11; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600141/; classtype:trojan-activity;sid:84463241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600129/; classtype:trojan-activity;sid:84463229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600130/; classtype:trojan-activity;sid:84463230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600131/; classtype:trojan-activity;sid:84463231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600132/; classtype:trojan-activity;sid:84463232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600133/; classtype:trojan-activity;sid:84463233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600134/; classtype:trojan-activity;sid:84463234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600135/; classtype:trojan-activity;sid:84463235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600136/; classtype:trojan-activity;sid:84463236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600137/; classtype:trojan-activity;sid:84463237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600128/; classtype:trojan-activity;sid:84463228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/ssa-236-5263-89.msi"; depth:22; endswith; nocase; http.host; content:"jayexecutive.co.ke"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600127/; classtype:trojan-activity;sid:84463227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600121/; classtype:trojan-activity;sid:84463221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.mips"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600122/; classtype:trojan-activity;sid:84463222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm6"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600123/; classtype:trojan-activity;sid:84463223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/o.xml"; depth:21; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600124/; classtype:trojan-activity;sid:84463224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/faiaaxb.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600125/; classtype:trojan-activity;sid:84463225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1035427758/szllbx3.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600126/; classtype:trojan-activity;sid:84463226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600119/; classtype:trojan-activity;sid:84463219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/688795465/gw0aqft.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600120/; classtype:trojan-activity;sid:84463220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600111/; classtype:trojan-activity;sid:84463211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600112/; classtype:trojan-activity;sid:84463212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600113/; classtype:trojan-activity;sid:84463213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600114/; classtype:trojan-activity;sid:84463214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600115/; classtype:trojan-activity;sid:84463215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600116/; classtype:trojan-activity;sid:84463216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600117/; classtype:trojan-activity;sid:84463217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600118/; classtype:trojan-activity;sid:84463218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.sh4"; depth:15; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600103/; classtype:trojan-activity;sid:84463203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600104/; classtype:trojan-activity;sid:84463204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.m68k"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600105/; classtype:trojan-activity;sid:84463205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.i686"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600106/; classtype:trojan-activity;sid:84463206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600107/; classtype:trojan-activity;sid:84463207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600108/; classtype:trojan-activity;sid:84463208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600109/; classtype:trojan-activity;sid:84463209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"31.97.70.218"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600110/; classtype:trojan-activity;sid:84463210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600096/; classtype:trojan-activity;sid:84463196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.mpsl"; depth:16; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600097/; classtype:trojan-activity;sid:84463197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600098/; classtype:trojan-activity;sid:84463198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.spc"; depth:15; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600099/; classtype:trojan-activity;sid:84463199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.x86"; depth:15; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600100/; classtype:trojan-activity;sid:84463200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600101/; classtype:trojan-activity;sid:84463201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.x86_64"; depth:18; endswith; nocase; http.host; content:"196.251.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600102/; classtype:trojan-activity;sid:84463202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6805932958/evdumat.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600094/; classtype:trojan-activity;sid:84463194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600095/; classtype:trojan-activity;sid:84463195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600093/; classtype:trojan-activity;sid:84463193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600087/; classtype:trojan-activity;sid:84463187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600088/; classtype:trojan-activity;sid:84463188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600089/; classtype:trojan-activity;sid:84463189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600090/; classtype:trojan-activity;sid:84463190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.fol"; depth:6; endswith; nocase; http.host; content:"45.221.64.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600091/; classtype:trojan-activity;sid:84463191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"94.26.90.236"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600092/; classtype:trojan-activity;sid:84463192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.249.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600086/; classtype:trojan-activity;sid:84463186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.193.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600085/; classtype:trojan-activity;sid:84463185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.253"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600084/; classtype:trojan-activity;sid:84463184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.86.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600083/; classtype:trojan-activity;sid:84463183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.250.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600082/; classtype:trojan-activity;sid:84463182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.15.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600081/; classtype:trojan-activity;sid:84463181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.193.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600080/; classtype:trojan-activity;sid:84463180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.114.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600079/; classtype:trojan-activity;sid:84463179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.75.43"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600077/; classtype:trojan-activity;sid:84463177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.70.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600078/; classtype:trojan-activity;sid:84463178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.250.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600076/; classtype:trojan-activity;sid:84463176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.86.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600075/; classtype:trojan-activity;sid:84463175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.15.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600074/; classtype:trojan-activity;sid:84463174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.70.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600073/; classtype:trojan-activity;sid:84463173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600072/; classtype:trojan-activity;sid:84463172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.179.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600071/; classtype:trojan-activity;sid:84463171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600070/; classtype:trojan-activity;sid:84463170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.156.28"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600069/; classtype:trojan-activity;sid:84463169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.90.29.51"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600068/; classtype:trojan-activity;sid:84463168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600067/; classtype:trojan-activity;sid:84463167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.93.88"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600066/; classtype:trojan-activity;sid:84463166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.14.205"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600065/; classtype:trojan-activity;sid:84463165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.101.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600064/; classtype:trojan-activity;sid:84463164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.220.128"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600063/; classtype:trojan-activity;sid:84463163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.156.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600062/; classtype:trojan-activity;sid:84463162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.25.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600061/; classtype:trojan-activity;sid:84463161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.243.68"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600060/; classtype:trojan-activity;sid:84463160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.156.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600059/; classtype:trojan-activity;sid:84463159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.190.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600057/; classtype:trojan-activity;sid:84463157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.25.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600058/; classtype:trojan-activity;sid:84463158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.107.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600055/; classtype:trojan-activity;sid:84463155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.220.128"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600056/; classtype:trojan-activity;sid:84463156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.128.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600054/; classtype:trojan-activity;sid:84463154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.41.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600053/; classtype:trojan-activity;sid:84463153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.128.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600052/; classtype:trojan-activity;sid:84463152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600051/; classtype:trojan-activity;sid:84463151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600050/; classtype:trojan-activity;sid:84463150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600048/; classtype:trojan-activity;sid:84463148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600049/; classtype:trojan-activity;sid:84463149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600042/; classtype:trojan-activity;sid:84463142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600043/; classtype:trojan-activity;sid:84463143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600044/; classtype:trojan-activity;sid:84463144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600045/; classtype:trojan-activity;sid:84463145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600046/; classtype:trojan-activity;sid:84463146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600047/; classtype:trojan-activity;sid:84463147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.44.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600039/; classtype:trojan-activity;sid:84463139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.149.226"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600040/; classtype:trojan-activity;sid:84463140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.226.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600041/; classtype:trojan-activity;sid:84463141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"196.251.84.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600037/; classtype:trojan-activity;sid:84463137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.18.13"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600038/; classtype:trojan-activity;sid:84463138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.101.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600036/; classtype:trojan-activity;sid:84463136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.153.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600035/; classtype:trojan-activity;sid:84463135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.70.8"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600034/; classtype:trojan-activity;sid:84463134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.131.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600033/; classtype:trojan-activity;sid:84463133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.198"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600031/; classtype:trojan-activity;sid:84463131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.121.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600032/; classtype:trojan-activity;sid:84463132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.54"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600030/; classtype:trojan-activity;sid:84463130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.49.91"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600029/; classtype:trojan-activity;sid:84463129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.153.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600028/; classtype:trojan-activity;sid:84463128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.73.147"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600027/; classtype:trojan-activity;sid:84463127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.12.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600026/; classtype:trojan-activity;sid:84463126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.70.8"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600024/; classtype:trojan-activity;sid:84463124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.172.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600025/; classtype:trojan-activity;sid:84463125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.121.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600023/; classtype:trojan-activity;sid:84463123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.54"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600022/; classtype:trojan-activity;sid:84463122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.131.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600021/; classtype:trojan-activity;sid:84463121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.49.91"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600020/; classtype:trojan-activity;sid:84463120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.172.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600019/; classtype:trojan-activity;sid:84463119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.212"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600018/; classtype:trojan-activity;sid:84463118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.2.94"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600017/; classtype:trojan-activity;sid:84463117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.132.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600016/; classtype:trojan-activity;sid:84463116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.92"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600015/; classtype:trojan-activity;sid:84463115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.132.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600014/; classtype:trojan-activity;sid:84463114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.55.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600013/; classtype:trojan-activity;sid:84463113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600012/; classtype:trojan-activity;sid:84463112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.15.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600011/; classtype:trojan-activity;sid:84463111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.16.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600010/; classtype:trojan-activity;sid:84463110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.67.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600009/; classtype:trojan-activity;sid:84463109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.55.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600008/; classtype:trojan-activity;sid:84463108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.245.212"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600007/; classtype:trojan-activity;sid:84463107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600006/; classtype:trojan-activity;sid:84463106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.119.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600005/; classtype:trojan-activity;sid:84463105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.29.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600004/; classtype:trojan-activity;sid:84463104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600002/; classtype:trojan-activity;sid:84463102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.12.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600003/; classtype:trojan-activity;sid:84463103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.29.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600001/; classtype:trojan-activity;sid:84463101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.12.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600000/; classtype:trojan-activity;sid:84463100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.190.175"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599999/; classtype:trojan-activity;sid:84463099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.226.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599998/; classtype:trojan-activity;sid:84463098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.81.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599997/; classtype:trojan-activity;sid:84463097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.100.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599996/; classtype:trojan-activity;sid:84463096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.190.175"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599995/; classtype:trojan-activity;sid:84463095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.242.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599994/; classtype:trojan-activity;sid:84463094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599993/; classtype:trojan-activity;sid:84463093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.16.151.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599992/; classtype:trojan-activity;sid:84463092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.16.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599991/; classtype:trojan-activity;sid:84463091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.150.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599990/; classtype:trojan-activity;sid:84463090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.236.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599989/; classtype:trojan-activity;sid:84463089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.16.151.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599988/; classtype:trojan-activity;sid:84463088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.150.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599987/; classtype:trojan-activity;sid:84463087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.81.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599986/; classtype:trojan-activity;sid:84463086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.198.163"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599985/; classtype:trojan-activity;sid:84463085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.236.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599984/; classtype:trojan-activity;sid:84463084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599983/; classtype:trojan-activity;sid:84463083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.93.228.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599982/; classtype:trojan-activity;sid:84463082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.0.59"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599981/; classtype:trojan-activity;sid:84463081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.3.41.112"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599980/; classtype:trojan-activity;sid:84463080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599979/; classtype:trojan-activity;sid:84463079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.31.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599978/; classtype:trojan-activity;sid:84463078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.198.163"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599977/; classtype:trojan-activity;sid:84463077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.93.228.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599975/; classtype:trojan-activity;sid:84463075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.154.125"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599976/; classtype:trojan-activity;sid:84463076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.252.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599974/; classtype:trojan-activity;sid:84463074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.107.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599973/; classtype:trojan-activity;sid:84463073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.0.59"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599972/; classtype:trojan-activity;sid:84463072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.74.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599971/; classtype:trojan-activity;sid:84463071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.134.162"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599970/; classtype:trojan-activity;sid:84463070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.185.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599969/; classtype:trojan-activity;sid:84463069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.8.227.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599968/; classtype:trojan-activity;sid:84463068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.100.221"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599967/; classtype:trojan-activity;sid:84463067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"157.15.124.203"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599966/; classtype:trojan-activity;sid:84463066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.227.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599964/; classtype:trojan-activity;sid:84463064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.136.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599965/; classtype:trojan-activity;sid:84463065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.185.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599961/; classtype:trojan-activity;sid:84463061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.236.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599962/; classtype:trojan-activity;sid:84463062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.24.107"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599963/; classtype:trojan-activity;sid:84463063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.194.75"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599960/; classtype:trojan-activity;sid:84463060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.134.162"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599959/; classtype:trojan-activity;sid:84463059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.74.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599958/; classtype:trojan-activity;sid:84463058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.185.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599957/; classtype:trojan-activity;sid:84463057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.75"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599956/; classtype:trojan-activity;sid:84463056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599955/; classtype:trojan-activity;sid:84463055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.115.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599954/; classtype:trojan-activity;sid:84463054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.130.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599953/; classtype:trojan-activity;sid:84463053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.210.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599952/; classtype:trojan-activity;sid:84463052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.244.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599951/; classtype:trojan-activity;sid:84463051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.88.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599950/; classtype:trojan-activity;sid:84463050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.111.130.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599949/; classtype:trojan-activity;sid:84463049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.88.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599948/; classtype:trojan-activity;sid:84463048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.244.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599946/; classtype:trojan-activity;sid:84463046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.210.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599947/; classtype:trojan-activity;sid:84463047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599945/; classtype:trojan-activity;sid:84463045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.28.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599944/; classtype:trojan-activity;sid:84463044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.105.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599943/; classtype:trojan-activity;sid:84463043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.194.201"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599942/; classtype:trojan-activity;sid:84463042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.237.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599941/; classtype:trojan-activity;sid:84463041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.184.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3599940/; classtype:trojan-activity;sid:84463040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.67.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599939/; classtype:trojan-activity;sid:84463039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.103.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599938/; classtype:trojan-activity;sid:84463038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.163.134.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599937/; classtype:trojan-activity;sid:84463037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.105.13"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599936/; classtype:trojan-activity;sid:84463036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"80.238.126.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599935/; classtype:trojan-activity;sid:84463035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599933/; classtype:trojan-activity;sid:84463033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599934/; classtype:trojan-activity;sid:84463034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599932/; classtype:trojan-activity;sid:84463032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599931/; classtype:trojan-activity;sid:84463031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599930/; classtype:trojan-activity;sid:84463030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"80.238.126.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599929/; classtype:trojan-activity;sid:84463029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599927/; classtype:trojan-activity;sid:84463027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599928/; classtype:trojan-activity;sid:84463028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"80.238.126.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599921/; classtype:trojan-activity;sid:84463021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"80.238.126.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599922/; classtype:trojan-activity;sid:84463022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599923/; classtype:trojan-activity;sid:84463023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599924/; classtype:trojan-activity;sid:84463024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599925/; classtype:trojan-activity;sid:84463025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"144.172.106.204"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599926/; classtype:trojan-activity;sid:84463026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"80.238.126.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599920/; classtype:trojan-activity;sid:84463020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.233.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599918/; classtype:trojan-activity;sid:84463018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.199.169"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599919/; classtype:trojan-activity;sid:84463019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.163.134.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599917/; classtype:trojan-activity;sid:84463017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.114.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599916/; classtype:trojan-activity;sid:84463016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599915/; classtype:trojan-activity;sid:84463015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.78.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599914/; classtype:trojan-activity;sid:84463014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.79.118"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599913/; classtype:trojan-activity;sid:84463013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599912/; classtype:trojan-activity;sid:84463012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.182.104"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599911/; classtype:trojan-activity;sid:84463011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.233.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599910/; classtype:trojan-activity;sid:84463010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599909/; classtype:trojan-activity;sid:84463009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.123.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599908/; classtype:trojan-activity;sid:84463008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599907/; classtype:trojan-activity;sid:84463007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.41.11"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599906/; classtype:trojan-activity;sid:84463006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.115.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599905/; classtype:trojan-activity;sid:84463005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.171.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599904/; classtype:trojan-activity;sid:84463004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.198"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599903/; classtype:trojan-activity;sid:84463003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.123.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599902/; classtype:trojan-activity;sid:84463002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.183.185"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599901/; classtype:trojan-activity;sid:84463001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599890/; classtype:trojan-activity;sid:84462990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599891/; classtype:trojan-activity;sid:84462991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599892/; classtype:trojan-activity;sid:84462992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599893/; classtype:trojan-activity;sid:84462993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d.sh"; depth:6; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599894/; classtype:trojan-activity;sid:84462994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599895/; classtype:trojan-activity;sid:84462995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599896/; classtype:trojan-activity;sid:84462996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599897/; classtype:trojan-activity;sid:84462997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599898/; classtype:trojan-activity;sid:84462998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599899/; classtype:trojan-activity;sid:84462999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"154.219.121.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599900/; classtype:trojan-activity;sid:84463000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_armv6l"; depth:11; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599889/; classtype:trojan-activity;sid:84462989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm7"; depth:9; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599887/; classtype:trojan-activity;sid:84462987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_386"; depth:8; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599888/; classtype:trojan-activity;sid:84462988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm64"; depth:10; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599886/; classtype:trojan-activity;sid:84462986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_ppc64le"; depth:12; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599884/; classtype:trojan-activity;sid:84462984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_ppc64le"; depth:12; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599885/; classtype:trojan-activity;sid:84462985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_mips64"; depth:11; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599883/; classtype:trojan-activity;sid:84462983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_armv6l"; depth:11; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599877/; classtype:trojan-activity;sid:84462977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm7"; depth:9; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599878/; classtype:trojan-activity;sid:84462978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_mips64"; depth:11; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599879/; classtype:trojan-activity;sid:84462979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_armv6l"; depth:11; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599880/; classtype:trojan-activity;sid:84462980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_amd64"; depth:10; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599881/; classtype:trojan-activity;sid:84462981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_ppc64le"; depth:12; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599882/; classtype:trojan-activity;sid:84462982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_amd64"; depth:10; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599873/; classtype:trojan-activity;sid:84462973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_amd64"; depth:10; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599874/; classtype:trojan-activity;sid:84462974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_mips64"; depth:11; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599875/; classtype:trojan-activity;sid:84462975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_mips"; depth:9; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599876/; classtype:trojan-activity;sid:84462976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_386"; depth:8; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599872/; classtype:trojan-activity;sid:84462972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm64"; depth:10; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599871/; classtype:trojan-activity;sid:84462971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_mips"; depth:9; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599869/; classtype:trojan-activity;sid:84462969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm"; depth:8; endswith; nocase; http.host; content:"panel.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599870/; classtype:trojan-activity;sid:84462970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm"; depth:8; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599868/; classtype:trojan-activity;sid:84462968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_mips"; depth:9; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599866/; classtype:trojan-activity;sid:84462966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm7"; depth:9; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599867/; classtype:trojan-activity;sid:84462967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm64"; depth:10; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599864/; classtype:trojan-activity;sid:84462964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_386"; depth:8; endswith; nocase; http.host; content:"node1.mclighthouse.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599865/; classtype:trojan-activity;sid:84462965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_arm"; depth:8; endswith; nocase; http.host; content:"37.60.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599863/; classtype:trojan-activity;sid:84462963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599861/; classtype:trojan-activity;sid:84462961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599862/; classtype:trojan-activity;sid:84462962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599860/; classtype:trojan-activity;sid:84462960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599852/; classtype:trojan-activity;sid:84462952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599853/; classtype:trojan-activity;sid:84462953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599854/; classtype:trojan-activity;sid:84462954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599855/; classtype:trojan-activity;sid:84462955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599856/; classtype:trojan-activity;sid:84462956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599857/; classtype:trojan-activity;sid:84462957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599858/; classtype:trojan-activity;sid:84462958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599859/; classtype:trojan-activity;sid:84462959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599850/; classtype:trojan-activity;sid:84462950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599851/; classtype:trojan-activity;sid:84462951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599849/; classtype:trojan-activity;sid:84462949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599839/; classtype:trojan-activity;sid:84462939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599840/; classtype:trojan-activity;sid:84462940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599841/; classtype:trojan-activity;sid:84462941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599842/; classtype:trojan-activity;sid:84462942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599843/; classtype:trojan-activity;sid:84462943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599844/; classtype:trojan-activity;sid:84462944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599845/; classtype:trojan-activity;sid:84462945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"95.169.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599846/; classtype:trojan-activity;sid:84462946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599847/; classtype:trojan-activity;sid:84462947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"evoribusiness.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599848/; classtype:trojan-activity;sid:84462948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.54.239.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599838/; classtype:trojan-activity;sid:84462938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.36.223.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599837/; classtype:trojan-activity;sid:84462937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.146.158.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599836/; classtype:trojan-activity;sid:84462936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"58.187.162.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599835/; classtype:trojan-activity;sid:84462935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.229.153.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599834/; classtype:trojan-activity;sid:84462934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"107.172.230.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599833/; classtype:trojan-activity;sid:84462933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.95.9.181"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599832/; classtype:trojan-activity;sid:84462932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.146.158.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599831/; classtype:trojan-activity;sid:84462931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"196.251.88.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599830/; classtype:trojan-activity;sid:84462930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.75.128.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599829/; classtype:trojan-activity;sid:84462929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.41.31.173"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599824/; classtype:trojan-activity;sid:84462924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.235.196.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599825/; classtype:trojan-activity;sid:84462925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.50.5.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599826/; classtype:trojan-activity;sid:84462926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.162.177.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599827/; classtype:trojan-activity;sid:84462927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.71.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599828/; classtype:trojan-activity;sid:84462928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.184.89.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599820/; classtype:trojan-activity;sid:84462920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.78.23.203"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599821/; classtype:trojan-activity;sid:84462921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.160.153.74"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599822/; classtype:trojan-activity;sid:84462922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.44.133.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599823/; classtype:trojan-activity;sid:84462923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.147.91.21"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599816/; classtype:trojan-activity;sid:84462916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.233.5.91"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599817/; classtype:trojan-activity;sid:84462917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.114.47.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599818/; classtype:trojan-activity;sid:84462918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.170.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599819/; classtype:trojan-activity;sid:84462919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.94.145"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599812/; classtype:trojan-activity;sid:84462912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.171.223.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599813/; classtype:trojan-activity;sid:84462913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.200.131.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599814/; classtype:trojan-activity;sid:84462914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.208.8.117"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599815/; classtype:trojan-activity;sid:84462915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.121.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599809/; classtype:trojan-activity;sid:84462909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"79.122.193.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599810/; classtype:trojan-activity;sid:84462910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.185.77.38"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599811/; classtype:trojan-activity;sid:84462911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.141.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599808/; classtype:trojan-activity;sid:84462908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"101.168.9.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599806/; classtype:trojan-activity;sid:84462906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.164.211.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599807/; classtype:trojan-activity;sid:84462907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.242.205.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599798/; classtype:trojan-activity;sid:84462898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.23.171.176"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599799/; classtype:trojan-activity;sid:84462899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.180.166.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599800/; classtype:trojan-activity;sid:84462900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.23.171.176"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599801/; classtype:trojan-activity;sid:84462901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.227.19.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599802/; classtype:trojan-activity;sid:84462902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.227.19.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599803/; classtype:trojan-activity;sid:84462903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"101.168.4.77"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599804/; classtype:trojan-activity;sid:84462904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.121.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599805/; classtype:trojan-activity;sid:84462905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.166.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599796/; classtype:trojan-activity;sid:84462896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.150.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599797/; classtype:trojan-activity;sid:84462897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"93.130.189.48"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599795/; classtype:trojan-activity;sid:84462895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.183.185"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599794/; classtype:trojan-activity;sid:84462894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.203.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599793/; classtype:trojan-activity;sid:84462893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599792/; classtype:trojan-activity;sid:84462892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.242.10"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599791/; classtype:trojan-activity;sid:84462891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.79.118"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599790/; classtype:trojan-activity;sid:84462890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599789/; classtype:trojan-activity;sid:84462889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.114.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599787/; classtype:trojan-activity;sid:84462887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599788/; classtype:trojan-activity;sid:84462888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.222.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599786/; classtype:trojan-activity;sid:84462886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.156.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599785/; classtype:trojan-activity;sid:84462885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.73.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599784/; classtype:trojan-activity;sid:84462884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599783/; classtype:trojan-activity;sid:84462883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.200.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599782/; classtype:trojan-activity;sid:84462882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.244.66.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599781/; classtype:trojan-activity;sid:84462881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.255.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599780/; classtype:trojan-activity;sid:84462880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.236.11.190"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599779/; classtype:trojan-activity;sid:84462879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.105.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599778/; classtype:trojan-activity;sid:84462878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.37.123"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599776/; classtype:trojan-activity;sid:84462876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.211.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599777/; classtype:trojan-activity;sid:84462877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599773/; classtype:trojan-activity;sid:84462873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599774/; classtype:trojan-activity;sid:84462874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.49.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599775/; classtype:trojan-activity;sid:84462875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.73.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599772/; classtype:trojan-activity;sid:84462872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.222.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599771/; classtype:trojan-activity;sid:84462871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.156.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599770/; classtype:trojan-activity;sid:84462870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.209.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599769/; classtype:trojan-activity;sid:84462869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.200.164"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599768/; classtype:trojan-activity;sid:84462868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.111.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599767/; classtype:trojan-activity;sid:84462867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599766/; classtype:trojan-activity;sid:84462866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.13.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599765/; classtype:trojan-activity;sid:84462865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.248.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599764/; classtype:trojan-activity;sid:84462864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.77.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599762/; classtype:trojan-activity;sid:84462862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.85.158"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599763/; classtype:trojan-activity;sid:84462863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.197.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599761/; classtype:trojan-activity;sid:84462861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.111.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599760/; classtype:trojan-activity;sid:84462860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599759/; classtype:trojan-activity;sid:84462859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.67.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599758/; classtype:trojan-activity;sid:84462858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599757/; classtype:trojan-activity;sid:84462857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.197.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599756/; classtype:trojan-activity;sid:84462856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.248.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599755/; classtype:trojan-activity;sid:84462855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.239.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599754/; classtype:trojan-activity;sid:84462854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.124.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599753/; classtype:trojan-activity;sid:84462853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.103.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599752/; classtype:trojan-activity;sid:84462852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.96.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599751/; classtype:trojan-activity;sid:84462851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.239.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599750/; classtype:trojan-activity;sid:84462850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599749/; classtype:trojan-activity;sid:84462849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.96.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599748/; classtype:trojan-activity;sid:84462848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.164.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599747/; classtype:trojan-activity;sid:84462847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599746/; classtype:trojan-activity;sid:84462846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.206.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599745/; classtype:trojan-activity;sid:84462845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.177.107.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599744/; classtype:trojan-activity;sid:84462844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599743/; classtype:trojan-activity;sid:84462843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599742/; classtype:trojan-activity;sid:84462842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.101.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599741/; classtype:trojan-activity;sid:84462841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.87.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599740/; classtype:trojan-activity;sid:84462840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599739/; classtype:trojan-activity;sid:84462839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.107.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599738/; classtype:trojan-activity;sid:84462838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599737/; classtype:trojan-activity;sid:84462837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.15.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599736/; classtype:trojan-activity;sid:84462836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.221.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599735/; classtype:trojan-activity;sid:84462835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.87.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599734/; classtype:trojan-activity;sid:84462834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599733/; classtype:trojan-activity;sid:84462833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.15.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599732/; classtype:trojan-activity;sid:84462832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.11.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599731/; classtype:trojan-activity;sid:84462831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599730/; classtype:trojan-activity;sid:84462830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.235.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599729/; classtype:trojan-activity;sid:84462829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.221.116"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599728/; classtype:trojan-activity;sid:84462828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.36.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599727/; classtype:trojan-activity;sid:84462827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.1.196.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599726/; classtype:trojan-activity;sid:84462826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.154.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599725/; classtype:trojan-activity;sid:84462825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599724/; classtype:trojan-activity;sid:84462824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.132.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599723/; classtype:trojan-activity;sid:84462823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.34.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599722/; classtype:trojan-activity;sid:84462822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.36.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599721/; classtype:trojan-activity;sid:84462821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.144.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599720/; classtype:trojan-activity;sid:84462820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.1.196.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599719/; classtype:trojan-activity;sid:84462819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599718/; classtype:trojan-activity;sid:84462818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599717/; classtype:trojan-activity;sid:84462817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.82.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599716/; classtype:trojan-activity;sid:84462816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.218.221"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599715/; classtype:trojan-activity;sid:84462815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599713/; classtype:trojan-activity;sid:84462813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.i686"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599714/; classtype:trojan-activity;sid:84462814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm"; depth:25; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599711/; classtype:trojan-activity;sid:84462811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599712/; classtype:trojan-activity;sid:84462812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599704/; classtype:trojan-activity;sid:84462804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.x86"; depth:25; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599705/; classtype:trojan-activity;sid:84462805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599706/; classtype:trojan-activity;sid:84462806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599707/; classtype:trojan-activity;sid:84462807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm6"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599708/; classtype:trojan-activity;sid:84462808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599709/; classtype:trojan-activity;sid:84462809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.61.154"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599710/; classtype:trojan-activity;sid:84462810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.mpsl"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599697/; classtype:trojan-activity;sid:84462797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.x86_64"; depth:28; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599698/; classtype:trojan-activity;sid:84462798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599699/; classtype:trojan-activity;sid:84462799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599700/; classtype:trojan-activity;sid:84462800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599701/; classtype:trojan-activity;sid:84462801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.ppc"; depth:25; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599702/; classtype:trojan-activity;sid:84462802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599703/; classtype:trojan-activity;sid:84462803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599696/; classtype:trojan-activity;sid:84462796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599689/; classtype:trojan-activity;sid:84462789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.spc"; depth:25; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599690/; classtype:trojan-activity;sid:84462790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599691/; classtype:trojan-activity;sid:84462791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.sh4"; depth:25; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599692/; classtype:trojan-activity;sid:84462792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.m68k"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599693/; classtype:trojan-activity;sid:84462793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599694/; classtype:trojan-activity;sid:84462794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm5"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599695/; classtype:trojan-activity;sid:84462795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arc"; depth:25; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599686/; classtype:trojan-activity;sid:84462786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.i468"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599687/; classtype:trojan-activity;sid:84462787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599688/; classtype:trojan-activity;sid:84462788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.mips"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599684/; classtype:trojan-activity;sid:84462784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm7"; depth:26; endswith; nocase; http.host; content:"t.nightbotnet.my.id"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599685/; classtype:trojan-activity;sid:84462785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.82.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599683/; classtype:trojan-activity;sid:84462783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599682/; classtype:trojan-activity;sid:84462782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.180.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599681/; classtype:trojan-activity;sid:84462781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.132.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599679/; classtype:trojan-activity;sid:84462779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.254.1"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599680/; classtype:trojan-activity;sid:84462780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.113.109"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599678/; classtype:trojan-activity;sid:84462778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599677/; classtype:trojan-activity;sid:84462777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.61.154"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599676/; classtype:trojan-activity;sid:84462776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86/nomad-health"; depth:17; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599675/; classtype:trojan-activity;sid:84462775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yes.tar.gz.bk.spr"; depth:18; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599674/; classtype:trojan-activity;sid:84462774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599659/; classtype:trojan-activity;sid:84462759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599660/; classtype:trojan-activity;sid:84462760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2-callback"; depth:12; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599661/; classtype:trojan-activity;sid:84462761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hans"; depth:5; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599662/; classtype:trojan-activity;sid:84462762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599663/; classtype:trojan-activity;sid:84462763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599664/; classtype:trojan-activity;sid:84462764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599665/; classtype:trojan-activity;sid:84462765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599666/; classtype:trojan-activity;sid:84462766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599667/; classtype:trojan-activity;sid:84462767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599668/; classtype:trojan-activity;sid:84462768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599669/; classtype:trojan-activity;sid:84462769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599670/; classtype:trojan-activity;sid:84462770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599671/; classtype:trojan-activity;sid:84462771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599672/; classtype:trojan-activity;sid:84462772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"susanti.wetlandsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599673/; classtype:trojan-activity;sid:84462773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t2.bash"; depth:8; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599658/; classtype:trojan-activity;sid:84462758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599657/; classtype:trojan-activity;sid:84462757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599656/; classtype:trojan-activity;sid:84462756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599655/; classtype:trojan-activity;sid:84462755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599652/; classtype:trojan-activity;sid:84462752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599653/; classtype:trojan-activity;sid:84462753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599654/; classtype:trojan-activity;sid:84462754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599649/; classtype:trojan-activity;sid:84462749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599650/; classtype:trojan-activity;sid:84462750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599651/; classtype:trojan-activity;sid:84462751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599645/; classtype:trojan-activity;sid:84462745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599646/; classtype:trojan-activity;sid:84462746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599647/; classtype:trojan-activity;sid:84462747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"event.wetlandsquare.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599648/; classtype:trojan-activity;sid:84462748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rev-shell.ps1"; depth:14; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599644/; classtype:trojan-activity;sid:84462744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599643/; classtype:trojan-activity;sid:84462743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599639/; classtype:trojan-activity;sid:84462739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599640/; classtype:trojan-activity;sid:84462740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599641/; classtype:trojan-activity;sid:84462741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599642/; classtype:trojan-activity;sid:84462742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logr"; depth:5; endswith; nocase; http.host; content:"162.248.53.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599638/; classtype:trojan-activity;sid:84462738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pws1.vbs"; depth:9; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599637/; classtype:trojan-activity;sid:84462737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.85.209"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599636/; classtype:trojan-activity;sid:84462736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.158.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599635/; classtype:trojan-activity;sid:84462735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.85.209"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599634/; classtype:trojan-activity;sid:84462734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.8.224.147"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599632/; classtype:trojan-activity;sid:84462732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.230.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599631/; classtype:trojan-activity;sid:84462731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.158.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599630/; classtype:trojan-activity;sid:84462730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmips"; depth:6; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599629/; classtype:trojan-activity;sid:84462729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nx86_64"; depth:8; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599628/; classtype:trojan-activity;sid:84462728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.190.200.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599627/; classtype:trojan-activity;sid:84462727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.204.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599626/; classtype:trojan-activity;sid:84462726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.76.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599624/; classtype:trojan-activity;sid:84462724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.230.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599625/; classtype:trojan-activity;sid:84462725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.60.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599623/; classtype:trojan-activity;sid:84462723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.227.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599622/; classtype:trojan-activity;sid:84462722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.65.186"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599621/; classtype:trojan-activity;sid:84462721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.10.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599620/; classtype:trojan-activity;sid:84462720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.217.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599619/; classtype:trojan-activity;sid:84462719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.173.69"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599618/; classtype:trojan-activity;sid:84462718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.190.200.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599617/; classtype:trojan-activity;sid:84462717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.136.87.2"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599616/; classtype:trojan-activity;sid:84462716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.65.186"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599615/; classtype:trojan-activity;sid:84462715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.238.246"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599614/; classtype:trojan-activity;sid:84462714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.10.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599613/; classtype:trojan-activity;sid:84462713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599611/; classtype:trojan-activity;sid:84462711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.136.87.2"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599612/; classtype:trojan-activity;sid:84462712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599610/; classtype:trojan-activity;sid:84462710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599609/; classtype:trojan-activity;sid:84462709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599602/; classtype:trojan-activity;sid:84462702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599603/; classtype:trojan-activity;sid:84462703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599604/; classtype:trojan-activity;sid:84462704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599605/; classtype:trojan-activity;sid:84462705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599606/; classtype:trojan-activity;sid:84462706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599607/; classtype:trojan-activity;sid:84462707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599608/; classtype:trojan-activity;sid:84462708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599599/; classtype:trojan-activity;sid:84462699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599600/; classtype:trojan-activity;sid:84462700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599601/; classtype:trojan-activity;sid:84462701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599597/; classtype:trojan-activity;sid:84462697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599598/; classtype:trojan-activity;sid:84462698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"zebratitties.autblx.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599596/; classtype:trojan-activity;sid:84462696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.60.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599595/; classtype:trojan-activity;sid:84462695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.10.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599594/; classtype:trojan-activity;sid:84462694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.200.173.244"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599593/; classtype:trojan-activity;sid:84462693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.95.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599592/; classtype:trojan-activity;sid:84462692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.217.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599591/; classtype:trojan-activity;sid:84462691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.5.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599590/; classtype:trojan-activity;sid:84462690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarm6"; depth:6; endswith; nocase; http.host; content:"103.176.20.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599588/; classtype:trojan-activity;sid:84462688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"103.176.20.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599589/; classtype:trojan-activity;sid:84462689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.10.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599587/; classtype:trojan-activity;sid:84462687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599586/; classtype:trojan-activity;sid:84462686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.249.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599585/; classtype:trojan-activity;sid:84462685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.27.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599584/; classtype:trojan-activity;sid:84462684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599583/; classtype:trojan-activity;sid:84462683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.221.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599582/; classtype:trojan-activity;sid:84462682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.218.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599581/; classtype:trojan-activity;sid:84462681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.178.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599580/; classtype:trojan-activity;sid:84462680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.223.39.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599579/; classtype:trojan-activity;sid:84462679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.249.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599578/; classtype:trojan-activity;sid:84462678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.27.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599577/; classtype:trojan-activity;sid:84462677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599576/; classtype:trojan-activity;sid:84462676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.76.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599575/; classtype:trojan-activity;sid:84462675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.85.247"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599574/; classtype:trojan-activity;sid:84462674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.157.32"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599573/; classtype:trojan-activity;sid:84462673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.178.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599572/; classtype:trojan-activity;sid:84462672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599571/; classtype:trojan-activity;sid:84462671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.196.114"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599570/; classtype:trojan-activity;sid:84462670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599569/; classtype:trojan-activity;sid:84462669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.206.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599568/; classtype:trojan-activity;sid:84462668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599567/; classtype:trojan-activity;sid:84462667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599566/; classtype:trojan-activity;sid:84462666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxyylufh8jvgoyy.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599565/; classtype:trojan-activity;sid:84462665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re3sym8hg4dfc78jlibcercm.exe"; depth:29; endswith; nocase; http.host; content:"66.63.187.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599564/; classtype:trojan-activity;sid:84462664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bsbgcvdcsehvaj1.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599563/; classtype:trojan-activity;sid:84462663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/areaie0m5uqspuz.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599562/; classtype:trojan-activity;sid:84462662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_a3dd1bd36b8d447fa1ab98f24e7143fa.txt"; depth:45; endswith; nocase; http.host; content:"atxwindowsx.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599561/; classtype:trojan-activity;sid:84462661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0/items/msi-pro/msi_pro.jpg"; depth:28; endswith; nocase; http.host; content:"dn721700.ca.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599560/; classtype:trojan-activity;sid:84462660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_3c5959e05e4a46419fae6914232f6afd.txt"; depth:45; endswith; nocase; http.host; content:"janinacamposs.lovestoblog.com"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599559/; classtype:trojan-activity;sid:84462659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.219.52"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599558/; classtype:trojan-activity;sid:84462658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_4f9278722c2c4398b43229bb1053239b.txt"; depth:45; endswith; nocase; http.host; content:"janinacamposs.lovestoblog.com"; depth:29; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599557/; classtype:trojan-activity;sid:84462657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599556/; classtype:trojan-activity;sid:84462656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/81ff9e79e0344c1ab59f51bbf4f07cb1.txt"; depth:46; endswith; nocase; http.host; content:"latencyx.pythonanywhere.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599555/; classtype:trojan-activity;sid:84462655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599554/; classtype:trojan-activity;sid:84462654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.192.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599553/; classtype:trojan-activity;sid:84462653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.24"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599552/; classtype:trojan-activity;sid:84462652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.206.3"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599551/; classtype:trojan-activity;sid:84462651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.230.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599550/; classtype:trojan-activity;sid:84462650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.192.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599549/; classtype:trojan-activity;sid:84462649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.98.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599548/; classtype:trojan-activity;sid:84462648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.115.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599547/; classtype:trojan-activity;sid:84462647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fridasyconstraints.vbs"; depth:23; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599546/; classtype:trojan-activity;sid:84462646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.226.174.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599545/; classtype:trojan-activity;sid:84462645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.3.255"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599544/; classtype:trojan-activity;sid:84462644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5413618230/xqvtpl8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599543/; classtype:trojan-activity;sid:84462643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.141.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599542/; classtype:trojan-activity;sid:84462642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.98.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599541/; classtype:trojan-activity;sid:84462641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.105.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599540/; classtype:trojan-activity;sid:84462640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.190.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599539/; classtype:trojan-activity;sid:84462639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.141.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599538/; classtype:trojan-activity;sid:84462638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.227.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599536/; classtype:trojan-activity;sid:84462636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"5.26.178.103"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599537/; classtype:trojan-activity;sid:84462637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.18.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599535/; classtype:trojan-activity;sid:84462635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.221.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599533/; classtype:trojan-activity;sid:84462633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.91.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599534/; classtype:trojan-activity;sid:84462634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.105.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599532/; classtype:trojan-activity;sid:84462632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.26.178.103"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599530/; classtype:trojan-activity;sid:84462630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599531/; classtype:trojan-activity;sid:84462631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.190.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599529/; classtype:trojan-activity;sid:84462629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.7.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599528/; classtype:trojan-activity;sid:84462628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.78.138"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599527/; classtype:trojan-activity;sid:84462627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.5.66"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599526/; classtype:trojan-activity;sid:84462626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.7.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599525/; classtype:trojan-activity;sid:84462625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.44.242.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599524/; classtype:trojan-activity;sid:84462624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599523/; classtype:trojan-activity;sid:84462623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.144.6"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599522/; classtype:trojan-activity;sid:84462622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.89.17"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599521/; classtype:trojan-activity;sid:84462621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599520/; classtype:trojan-activity;sid:84462620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.77.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599519/; classtype:trojan-activity;sid:84462619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.47.212.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599518/; classtype:trojan-activity;sid:84462618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599517/; classtype:trojan-activity;sid:84462617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599516/; classtype:trojan-activity;sid:84462616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599514/; classtype:trojan-activity;sid:84462614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599515/; classtype:trojan-activity;sid:84462615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599505/; classtype:trojan-activity;sid:84462605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599506/; classtype:trojan-activity;sid:84462606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599507/; classtype:trojan-activity;sid:84462607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599508/; classtype:trojan-activity;sid:84462608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599509/; classtype:trojan-activity;sid:84462609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599510/; classtype:trojan-activity;sid:84462610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599511/; classtype:trojan-activity;sid:84462611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599512/; classtype:trojan-activity;sid:84462612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599513/; classtype:trojan-activity;sid:84462613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; depth:87; endswith; nocase; http.host; content:"103.77.241.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599504/; classtype:trojan-activity;sid:84462604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.198.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599503/; classtype:trojan-activity;sid:84462603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.166.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599502/; classtype:trojan-activity;sid:84462602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.195.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599501/; classtype:trojan-activity;sid:84462601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.40.81.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599500/; classtype:trojan-activity;sid:84462600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.219.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599499/; classtype:trojan-activity;sid:84462599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.73.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599498/; classtype:trojan-activity;sid:84462598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.198.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599496/; classtype:trojan-activity;sid:84462596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.77.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599497/; classtype:trojan-activity;sid:84462597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599495/; classtype:trojan-activity;sid:84462595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.23.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599494/; classtype:trojan-activity;sid:84462594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.166.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599493/; classtype:trojan-activity;sid:84462593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.191.45"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599492/; classtype:trojan-activity;sid:84462592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.73.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599491/; classtype:trojan-activity;sid:84462591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599490/; classtype:trojan-activity;sid:84462590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.21.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599489/; classtype:trojan-activity;sid:84462589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.80.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599488/; classtype:trojan-activity;sid:84462588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.115.203.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599487/; classtype:trojan-activity;sid:84462587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.118.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599486/; classtype:trojan-activity;sid:84462586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.219.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599485/; classtype:trojan-activity;sid:84462585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/6890cd8aa74fd_web.exe"; depth:30; endswith; nocase; http.host; content:"193.56.135.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599484/; classtype:trojan-activity;sid:84462584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/68883ffa4cd0e_wgta.exe"; depth:31; endswith; nocase; http.host; content:"193.56.135.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599483/; classtype:trojan-activity;sid:84462583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/6888400f5c9b0_m.exe"; depth:28; endswith; nocase; http.host; content:"193.56.135.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599481/; classtype:trojan-activity;sid:84462581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/6890cdbfcab28_m.exe"; depth:28; endswith; nocase; http.host; content:"193.56.135.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599482/; classtype:trojan-activity;sid:84462582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599480/; classtype:trojan-activity;sid:84462580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599479/; classtype:trojan-activity;sid:84462579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599475/; classtype:trojan-activity;sid:84462575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599476/; classtype:trojan-activity;sid:84462576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599477/; classtype:trojan-activity;sid:84462577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599478/; classtype:trojan-activity;sid:84462578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.170.226.17"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599474/; classtype:trojan-activity;sid:84462574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.115.203.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599473/; classtype:trojan-activity;sid:84462573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.196.134"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599472/; classtype:trojan-activity;sid:84462572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.185.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599471/; classtype:trojan-activity;sid:84462571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v9d9d.exe"; depth:10; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599470/; classtype:trojan-activity;sid:84462570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l838.exe"; depth:9; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599469/; classtype:trojan-activity;sid:84462569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x8482.exe"; depth:10; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599464/; classtype:trojan-activity;sid:84462564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v888e.exe"; depth:10; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599465/; classtype:trojan-activity;sid:84462565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n89393.exe"; depth:11; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599466/; classtype:trojan-activity;sid:84462566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q8d90.exe"; depth:10; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599467/; classtype:trojan-activity;sid:84462567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssrt4.exe"; depth:10; endswith; nocase; http.host; content:"167.160.161.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599468/; classtype:trojan-activity;sid:84462568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7720756496/ifkym0a.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599463/; classtype:trojan-activity;sid:84462563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lander/domain/erpjfuwc.exe"; depth:27; endswith; nocase; http.host; content:"desk-app-now.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599462/; classtype:trojan-activity;sid:84462562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.x86"; depth:25; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599459/; classtype:trojan-activity;sid:84462559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.i686"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599460/; classtype:trojan-activity;sid:84462560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8327455725/otoczbd.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599461/; classtype:trojan-activity;sid:84462561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.ppc"; depth:25; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599454/; classtype:trojan-activity;sid:84462554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm5"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599455/; classtype:trojan-activity;sid:84462555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.mips"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599456/; classtype:trojan-activity;sid:84462556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599457/; classtype:trojan-activity;sid:84462557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm"; depth:25; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599458/; classtype:trojan-activity;sid:84462558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/room.bak"; depth:9; endswith; nocase; http.host; content:"redroademail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599453/; classtype:trojan-activity;sid:84462553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7251572078/3z0fl2m.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599451/; classtype:trojan-activity;sid:84462551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5968325780/f7hy0su.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599452/; classtype:trojan-activity;sid:84462552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"78.29.45.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599450/; classtype:trojan-activity;sid:84462550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.m68k"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599449/; classtype:trojan-activity;sid:84462549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arc"; depth:25; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599446/; classtype:trojan-activity;sid:84462546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javajar.jar"; depth:12; endswith; nocase; http.host; content:"185.176.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599447/; classtype:trojan-activity;sid:84462547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.spc"; depth:25; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599448/; classtype:trojan-activity;sid:84462548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm7"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599442/; classtype:trojan-activity;sid:84462542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.sh4"; depth:25; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599443/; classtype:trojan-activity;sid:84462543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7251572078/aeel4rc.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599444/; classtype:trojan-activity;sid:84462544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599445/; classtype:trojan-activity;sid:84462545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.mpsl"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599439/; classtype:trojan-activity;sid:84462539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.arm6"; depth:26; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599440/; classtype:trojan-activity;sid:84462540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/xarco.x86_64"; depth:28; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599441/; classtype:trojan-activity;sid:84462541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.184.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599438/; classtype:trojan-activity;sid:84462538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.196.134"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599437/; classtype:trojan-activity;sid:84462537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.170.226.17"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599436/; classtype:trojan-activity;sid:84462536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.185.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599435/; classtype:trojan-activity;sid:84462535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599434/; classtype:trojan-activity;sid:84462534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.248.203"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599433/; classtype:trojan-activity;sid:84462533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.81.50"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599432/; classtype:trojan-activity;sid:84462532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.142.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599431/; classtype:trojan-activity;sid:84462531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.248.203"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599430/; classtype:trojan-activity;sid:84462530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599429/; classtype:trojan-activity;sid:84462529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.248.220"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599428/; classtype:trojan-activity;sid:84462528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.33.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599427/; classtype:trojan-activity;sid:84462527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.236.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599426/; classtype:trojan-activity;sid:84462526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.33.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599425/; classtype:trojan-activity;sid:84462525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599424/; classtype:trojan-activity;sid:84462524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.96.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599423/; classtype:trojan-activity;sid:84462523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.81.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599422/; classtype:trojan-activity;sid:84462522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599421/; classtype:trojan-activity;sid:84462521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.239.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599420/; classtype:trojan-activity;sid:84462520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.197.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599419/; classtype:trojan-activity;sid:84462519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.217.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599418/; classtype:trojan-activity;sid:84462518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.23.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599417/; classtype:trojan-activity;sid:84462517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.81.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599416/; classtype:trojan-activity;sid:84462516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.24.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599415/; classtype:trojan-activity;sid:84462515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.47.104"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599414/; classtype:trojan-activity;sid:84462514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.13.82"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599413/; classtype:trojan-activity;sid:84462513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.239.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599412/; classtype:trojan-activity;sid:84462512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.187.68.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599411/; classtype:trojan-activity;sid:84462511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.89.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599410/; classtype:trojan-activity;sid:84462510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.103.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599409/; classtype:trojan-activity;sid:84462509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.26.178.103"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599408/; classtype:trojan-activity;sid:84462508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599407/; classtype:trojan-activity;sid:84462507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.250.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599404/; classtype:trojan-activity;sid:84462504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"103.191.63.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599405/; classtype:trojan-activity;sid:84462505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.38.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599406/; classtype:trojan-activity;sid:84462506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599402/; classtype:trojan-activity;sid:84462502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.182.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599403/; classtype:trojan-activity;sid:84462503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599401/; classtype:trojan-activity;sid:84462501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.141"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599400/; classtype:trojan-activity;sid:84462500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.84.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599399/; classtype:trojan-activity;sid:84462499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.68.198"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599398/; classtype:trojan-activity;sid:84462498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.249.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599397/; classtype:trojan-activity;sid:84462497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.157.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599396/; classtype:trojan-activity;sid:84462496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.243.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599395/; classtype:trojan-activity;sid:84462495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.205"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599394/; classtype:trojan-activity;sid:84462494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.26.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599393/; classtype:trojan-activity;sid:84462493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.141"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599392/; classtype:trojan-activity;sid:84462492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.84.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599391/; classtype:trojan-activity;sid:84462491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.23.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599390/; classtype:trojan-activity;sid:84462490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.157.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599389/; classtype:trojan-activity;sid:84462489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.26.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599388/; classtype:trojan-activity;sid:84462488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.179.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599387/; classtype:trojan-activity;sid:84462487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.23.167"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599386/; classtype:trojan-activity;sid:84462486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599385/; classtype:trojan-activity;sid:84462485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.176.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599384/; classtype:trojan-activity;sid:84462484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.154.231"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599383/; classtype:trojan-activity;sid:84462483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.136"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599382/; classtype:trojan-activity;sid:84462482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.73.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599381/; classtype:trojan-activity;sid:84462481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.60.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599380/; classtype:trojan-activity;sid:84462480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.94.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599379/; classtype:trojan-activity;sid:84462479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.154.231"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599378/; classtype:trojan-activity;sid:84462478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.20.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599377/; classtype:trojan-activity;sid:84462477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.13"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599376/; classtype:trojan-activity;sid:84462476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.215.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599375/; classtype:trojan-activity;sid:84462475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.94.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599374/; classtype:trojan-activity;sid:84462474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.53.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599373/; classtype:trojan-activity;sid:84462473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.190.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599372/; classtype:trojan-activity;sid:84462472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599369/; classtype:trojan-activity;sid:84462469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599370/; classtype:trojan-activity;sid:84462470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599371/; classtype:trojan-activity;sid:84462471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599367/; classtype:trojan-activity;sid:84462467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599368/; classtype:trojan-activity;sid:84462468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.45.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599366/; classtype:trojan-activity;sid:84462466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599360/; classtype:trojan-activity;sid:84462460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599361/; classtype:trojan-activity;sid:84462461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599362/; classtype:trojan-activity;sid:84462462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599363/; classtype:trojan-activity;sid:84462463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599364/; classtype:trojan-activity;sid:84462464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"195.96.129.36"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599365/; classtype:trojan-activity;sid:84462465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.59.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599359/; classtype:trojan-activity;sid:84462459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.101.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599358/; classtype:trojan-activity;sid:84462458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.20.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599357/; classtype:trojan-activity;sid:84462457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.31.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599356/; classtype:trojan-activity;sid:84462456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.60.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599355/; classtype:trojan-activity;sid:84462455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.238.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599354/; classtype:trojan-activity;sid:84462454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599353/; classtype:trojan-activity;sid:84462453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.178.245"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599352/; classtype:trojan-activity;sid:84462452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.101.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599351/; classtype:trojan-activity;sid:84462451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.178.245"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599350/; classtype:trojan-activity;sid:84462450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.183.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599349/; classtype:trojan-activity;sid:84462449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599348/; classtype:trojan-activity;sid:84462448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.241.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599347/; classtype:trojan-activity;sid:84462447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599345/; classtype:trojan-activity;sid:84462445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.120.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599346/; classtype:trojan-activity;sid:84462446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.176.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599344/; classtype:trojan-activity;sid:84462444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.19.51.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599343/; classtype:trojan-activity;sid:84462443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599337/; classtype:trojan-activity;sid:84462437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599338/; classtype:trojan-activity;sid:84462438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599339/; classtype:trojan-activity;sid:84462439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599340/; classtype:trojan-activity;sid:84462440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599341/; classtype:trojan-activity;sid:84462441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599342/; classtype:trojan-activity;sid:84462442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599327/; classtype:trojan-activity;sid:84462427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599328/; classtype:trojan-activity;sid:84462428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599329/; classtype:trojan-activity;sid:84462429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599330/; classtype:trojan-activity;sid:84462430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599331/; classtype:trojan-activity;sid:84462431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599332/; classtype:trojan-activity;sid:84462432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599333/; classtype:trojan-activity;sid:84462433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599334/; classtype:trojan-activity;sid:84462434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599335/; classtype:trojan-activity;sid:84462435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"188.166.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599336/; classtype:trojan-activity;sid:84462436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.193.151"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599325/; classtype:trojan-activity;sid:84462425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.123.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599326/; classtype:trojan-activity;sid:84462426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599324/; classtype:trojan-activity;sid:84462424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.19.51.42"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599323/; classtype:trojan-activity;sid:84462423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.21.130"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599322/; classtype:trojan-activity;sid:84462422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.30.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599321/; classtype:trojan-activity;sid:84462421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.176.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599320/; classtype:trojan-activity;sid:84462420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.186.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599319/; classtype:trojan-activity;sid:84462419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599318/; classtype:trojan-activity;sid:84462418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.165.238"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599317/; classtype:trojan-activity;sid:84462417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.21.130"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599316/; classtype:trojan-activity;sid:84462416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.185.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599315/; classtype:trojan-activity;sid:84462415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.134.196"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599314/; classtype:trojan-activity;sid:84462414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599313/; classtype:trojan-activity;sid:84462413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599312/; classtype:trojan-activity;sid:84462412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.159.77.43"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599311/; classtype:trojan-activity;sid:84462411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.185.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599310/; classtype:trojan-activity;sid:84462410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.123.96"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599309/; classtype:trojan-activity;sid:84462409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.52"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599308/; classtype:trojan-activity;sid:84462408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599307/; classtype:trojan-activity;sid:84462407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.185.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599306/; classtype:trojan-activity;sid:84462406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.237.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599305/; classtype:trojan-activity;sid:84462405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599304/; classtype:trojan-activity;sid:84462404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.75.113"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599303/; classtype:trojan-activity;sid:84462403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.114.199.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599302/; classtype:trojan-activity;sid:84462402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.101.30.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599301/; classtype:trojan-activity;sid:84462401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.70.175"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599300/; classtype:trojan-activity;sid:84462400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"178.128.48.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599297/; classtype:trojan-activity;sid:84462397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"178.128.48.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599298/; classtype:trojan-activity;sid:84462398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.202.51"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599299/; classtype:trojan-activity;sid:84462399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.243.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599295/; classtype:trojan-activity;sid:84462395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.61.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599296/; classtype:trojan-activity;sid:84462396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.61.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599294/; classtype:trojan-activity;sid:84462394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.75.113"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599293/; classtype:trojan-activity;sid:84462393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.210.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599292/; classtype:trojan-activity;sid:84462392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.114.199.203"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599291/; classtype:trojan-activity;sid:84462391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.11.96"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599290/; classtype:trojan-activity;sid:84462390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599289/; classtype:trojan-activity;sid:84462389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599288/; classtype:trojan-activity;sid:84462388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.235.37"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599287/; classtype:trojan-activity;sid:84462387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.194.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599286/; classtype:trojan-activity;sid:84462386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.51.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599285/; classtype:trojan-activity;sid:84462385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.229.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599284/; classtype:trojan-activity;sid:84462384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.118.255"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599283/; classtype:trojan-activity;sid:84462383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.19.91"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599282/; classtype:trojan-activity;sid:84462382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599281/; classtype:trojan-activity;sid:84462381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.58.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599280/; classtype:trojan-activity;sid:84462380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.229.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599279/; classtype:trojan-activity;sid:84462379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.51.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599278/; classtype:trojan-activity;sid:84462378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.19.91"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599277/; classtype:trojan-activity;sid:84462377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.234.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599276/; classtype:trojan-activity;sid:84462376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.224.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599275/; classtype:trojan-activity;sid:84462375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.194.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599274/; classtype:trojan-activity;sid:84462374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.51.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599273/; classtype:trojan-activity;sid:84462373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.58.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599272/; classtype:trojan-activity;sid:84462372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599270/; classtype:trojan-activity;sid:84462370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599271/; classtype:trojan-activity;sid:84462371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599268/; classtype:trojan-activity;sid:84462368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599269/; classtype:trojan-activity;sid:84462369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599263/; classtype:trojan-activity;sid:84462363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599264/; classtype:trojan-activity;sid:84462364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599265/; classtype:trojan-activity;sid:84462365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599266/; classtype:trojan-activity;sid:84462366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599267/; classtype:trojan-activity;sid:84462367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599260/; classtype:trojan-activity;sid:84462360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599261/; classtype:trojan-activity;sid:84462361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.153.34.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599262/; classtype:trojan-activity;sid:84462362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.29.46.195"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599259/; classtype:trojan-activity;sid:84462359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.30.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599258/; classtype:trojan-activity;sid:84462358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.157.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599257/; classtype:trojan-activity;sid:84462357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.157.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599256/; classtype:trojan-activity;sid:84462356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.224.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599255/; classtype:trojan-activity;sid:84462355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.68.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599254/; classtype:trojan-activity;sid:84462354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.155.229"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599253/; classtype:trojan-activity;sid:84462353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.234.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599252/; classtype:trojan-activity;sid:84462352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.89.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599251/; classtype:trojan-activity;sid:84462351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.115.40"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599250/; classtype:trojan-activity;sid:84462350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.200.173.244"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599249/; classtype:trojan-activity;sid:84462349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.114.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599248/; classtype:trojan-activity;sid:84462348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.157.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599247/; classtype:trojan-activity;sid:84462347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.4.239"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599246/; classtype:trojan-activity;sid:84462346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.155.229"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599245/; classtype:trojan-activity;sid:84462345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.250.15.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599244/; classtype:trojan-activity;sid:84462344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.4.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599243/; classtype:trojan-activity;sid:84462343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.34.126.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599242/; classtype:trojan-activity;sid:84462342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.250.15.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599241/; classtype:trojan-activity;sid:84462341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.248.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599240/; classtype:trojan-activity;sid:84462340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.48.159"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599239/; classtype:trojan-activity;sid:84462339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.47.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599238/; classtype:trojan-activity;sid:84462338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.184.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599237/; classtype:trojan-activity;sid:84462337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.184.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599236/; classtype:trojan-activity;sid:84462336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aydendev0/cd4afc0d20c6/raw/refs/heads/main/model.bin"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599235/; classtype:trojan-activity;sid:84462335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aydendev0/cd4afc0d20c6/raw/refs/heads/main/module.bin"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599234/; classtype:trojan-activity;sid:84462334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aydendev0/cd4afc0d20c6/raw/refs/heads/main/main.bin"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599233/; classtype:trojan-activity;sid:84462333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aydendev0/cd4afc0d20c6/raw/refs/heads/main/model2.bin"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599232/; classtype:trojan-activity;sid:84462332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aydendev0/cd4afc0d20c6/refs/heads/main/model2.bin"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599231/; classtype:trojan-activity;sid:84462331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aydendev0/cd4afc0d20c6/refs/heads/main/model2.bi"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599230/; classtype:trojan-activity;sid:84462330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/autopilot.zip"; depth:22; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599229/; classtype:trojan-activity;sid:84462329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_f1a2e0cba9c6488882e4b902171ade6a.txt"; depth:45; endswith; nocase; http.host; content:"mncxzswedf.lovestoblog.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599228/; classtype:trojan-activity;sid:84462328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_cee374ee6b084acaa2908b847c30702d.txt"; depth:45; endswith; nocase; http.host; content:"mncxzswedf.lovestoblog.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599227/; classtype:trojan-activity;sid:84462327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_d3df2e2b4be84b969fad259d09736133.txt"; depth:45; endswith; nocase; http.host; content:"mncxzswedf.lovestoblog.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599226/; classtype:trojan-activity;sid:84462326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/stein.txt"; depth:16; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599225/; classtype:trojan-activity;sid:84462325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/s.zip"; depth:12; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599220/; classtype:trojan-activity;sid:84462320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/eurooooo.zip"; depth:19; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599221/; classtype:trojan-activity;sid:84462321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/wads.zip"; depth:15; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599222/; classtype:trojan-activity;sid:84462322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/bgain.txt"; depth:18; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599223/; classtype:trojan-activity;sid:84462323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/xzczct.zip"; depth:17; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599224/; classtype:trojan-activity;sid:84462324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599219/; classtype:trojan-activity;sid:84462319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.156.143.62"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599218/; classtype:trojan-activity;sid:84462318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mm/updmmm.exe"; depth:14; endswith; nocase; http.host; content:"xbkvn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599217/; classtype:trojan-activity;sid:84462317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599216/; classtype:trojan-activity;sid:84462316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.248.216"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599215/; classtype:trojan-activity;sid:84462315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.31.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599214/; classtype:trojan-activity;sid:84462314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.91.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599213/; classtype:trojan-activity;sid:84462313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.1.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599212/; classtype:trojan-activity;sid:84462312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.1.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599211/; classtype:trojan-activity;sid:84462311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.31.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599210/; classtype:trojan-activity;sid:84462310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5390889402/l6qqkwt.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599209/; classtype:trojan-activity;sid:84462309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.180.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599208/; classtype:trojan-activity;sid:84462308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599207/; classtype:trojan-activity;sid:84462307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.176.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599206/; classtype:trojan-activity;sid:84462306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.91.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599205/; classtype:trojan-activity;sid:84462305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.176.225"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599204/; classtype:trojan-activity;sid:84462304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.34.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599203/; classtype:trojan-activity;sid:84462303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.58.209.109"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599202/; classtype:trojan-activity;sid:84462302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.126.86.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599201/; classtype:trojan-activity;sid:84462301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.68.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599200/; classtype:trojan-activity;sid:84462300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.40.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599199/; classtype:trojan-activity;sid:84462299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.46.73"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599198/; classtype:trojan-activity;sid:84462298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.15.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599197/; classtype:trojan-activity;sid:84462297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.255.234"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599196/; classtype:trojan-activity;sid:84462296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.58.209.109"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599195/; classtype:trojan-activity;sid:84462295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.124.167.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599194/; classtype:trojan-activity;sid:84462294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.40.242.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599193/; classtype:trojan-activity;sid:84462293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.84.192"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599192/; classtype:trojan-activity;sid:84462292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599191/; classtype:trojan-activity;sid:84462291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.218.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599186/; classtype:trojan-activity;sid:84462286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.89.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599187/; classtype:trojan-activity;sid:84462287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.118.255"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599188/; classtype:trojan-activity;sid:84462288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.77.47.104"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599189/; classtype:trojan-activity;sid:84462289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.188.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599190/; classtype:trojan-activity;sid:84462290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.124.167.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599181/; classtype:trojan-activity;sid:84462281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.22.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599182/; classtype:trojan-activity;sid:84462282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.110.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599183/; classtype:trojan-activity;sid:84462283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.86.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599184/; classtype:trojan-activity;sid:84462284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.183.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599185/; classtype:trojan-activity;sid:84462285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.126.86.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599180/; classtype:trojan-activity;sid:84462280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.134.196"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599179/; classtype:trojan-activity;sid:84462279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.40.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599178/; classtype:trojan-activity;sid:84462278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.236.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599177/; classtype:trojan-activity;sid:84462277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.15.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599176/; classtype:trojan-activity;sid:84462276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.40.242.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599175/; classtype:trojan-activity;sid:84462275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.189.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599174/; classtype:trojan-activity;sid:84462274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.236.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599173/; classtype:trojan-activity;sid:84462273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.103"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599172/; classtype:trojan-activity;sid:84462272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.189.103"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599171/; classtype:trojan-activity;sid:84462271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.253.0"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599170/; classtype:trojan-activity;sid:84462270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.23.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599169/; classtype:trojan-activity;sid:84462269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.58.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599168/; classtype:trojan-activity;sid:84462268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.206.189"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599167/; classtype:trojan-activity;sid:84462267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.213.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599166/; classtype:trojan-activity;sid:84462266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.40.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599165/; classtype:trojan-activity;sid:84462265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.93"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599164/; classtype:trojan-activity;sid:84462264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.86.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599163/; classtype:trojan-activity;sid:84462263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599162/; classtype:trojan-activity;sid:84462262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599161/; classtype:trojan-activity;sid:84462261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599160/; classtype:trojan-activity;sid:84462260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.162.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599159/; classtype:trojan-activity;sid:84462259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.86.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599158/; classtype:trojan-activity;sid:84462258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.158.74.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599157/; classtype:trojan-activity;sid:84462257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.4.239"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599156/; classtype:trojan-activity;sid:84462256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.199.128"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599155/; classtype:trojan-activity;sid:84462255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.130.132.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599154/; classtype:trojan-activity;sid:84462254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8d1h.dof"; depth:9; endswith; nocase; http.host; content:"0x0.st"; depth:6; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599152/; classtype:trojan-activity;sid:84462252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.158.74.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599153/; classtype:trojan-activity;sid:84462253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7029650952/kpwstxu.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599151/; classtype:trojan-activity;sid:84462251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7950304585/lif9yk7.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599150/; classtype:trojan-activity;sid:84462250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"14.103.234.180"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599149/; classtype:trojan-activity;sid:84462249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.26.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599148/; classtype:trojan-activity;sid:84462248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.226.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599147/; classtype:trojan-activity;sid:84462247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.199.128"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599146/; classtype:trojan-activity;sid:84462246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599145/; classtype:trojan-activity;sid:84462245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.238.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599144/; classtype:trojan-activity;sid:84462244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.115.104"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599143/; classtype:trojan-activity;sid:84462243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.226.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599142/; classtype:trojan-activity;sid:84462242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.232.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599141/; classtype:trojan-activity;sid:84462241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.230.88.54"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599140/; classtype:trojan-activity;sid:84462240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.238.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599139/; classtype:trojan-activity;sid:84462239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.6.102"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599138/; classtype:trojan-activity;sid:84462238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599137/; classtype:trojan-activity;sid:84462237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.191.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599136/; classtype:trojan-activity;sid:84462236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.164.164"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599135/; classtype:trojan-activity;sid:84462235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.246.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599134/; classtype:trojan-activity;sid:84462234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.arm5"; depth:18; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599133/; classtype:trojan-activity;sid:84462233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.mpsl"; depth:18; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599131/; classtype:trojan-activity;sid:84462231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.x86_64"; depth:20; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599132/; classtype:trojan-activity;sid:84462232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.arm6"; depth:18; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599127/; classtype:trojan-activity;sid:84462227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.arm7"; depth:18; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599128/; classtype:trojan-activity;sid:84462228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.mips"; depth:18; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599129/; classtype:trojan-activity;sid:84462229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.x86"; depth:17; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599130/; classtype:trojan-activity;sid:84462230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.arm"; depth:17; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599122/; classtype:trojan-activity;sid:84462222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.m68k"; depth:18; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599123/; classtype:trojan-activity;sid:84462223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.ppc"; depth:17; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599124/; classtype:trojan-activity;sid:84462224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.sh4"; depth:17; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599125/; classtype:trojan-activity;sid:84462225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemd.spc"; depth:17; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599126/; classtype:trojan-activity;sid:84462226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waiting.sh"; depth:11; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599119/; classtype:trojan-activity;sid:84462219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abd.sh"; depth:7; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599120/; classtype:trojan-activity;sid:84462220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/car.sh"; depth:7; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599121/; classtype:trojan-activity;sid:84462221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"188.253.120.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599118/; classtype:trojan-activity;sid:84462218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"86.106.85.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599115/; classtype:trojan-activity;sid:84462215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"206.221.176.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599116/; classtype:trojan-activity;sid:84462216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"206.221.176.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599117/; classtype:trojan-activity;sid:84462217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.106.229.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599113/; classtype:trojan-activity;sid:84462213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.153.97.202"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599114/; classtype:trojan-activity;sid:84462214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.214.172.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599110/; classtype:trojan-activity;sid:84462210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.83.8.68"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599111/; classtype:trojan-activity;sid:84462211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.238.86.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599112/; classtype:trojan-activity;sid:84462212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.117.31.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599108/; classtype:trojan-activity;sid:84462208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.239.215.8"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599109/; classtype:trojan-activity;sid:84462209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.181.2.166"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599107/; classtype:trojan-activity;sid:84462207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.90.236.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599101/; classtype:trojan-activity;sid:84462201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.73.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599102/; classtype:trojan-activity;sid:84462202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.152.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599103/; classtype:trojan-activity;sid:84462203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.13.92.37"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599104/; classtype:trojan-activity;sid:84462204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.239.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599105/; classtype:trojan-activity;sid:84462205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.54.221.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599106/; classtype:trojan-activity;sid:84462206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"116.105.132.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599100/; classtype:trojan-activity;sid:84462200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.132.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599094/; classtype:trojan-activity;sid:84462194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.140.60.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599095/; classtype:trojan-activity;sid:84462195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.167.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599096/; classtype:trojan-activity;sid:84462196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.171.223.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599097/; classtype:trojan-activity;sid:84462197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599098/; classtype:trojan-activity;sid:84462198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.184.237.171"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599099/; classtype:trojan-activity;sid:84462199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.51.171.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599092/; classtype:trojan-activity;sid:84462192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.235.87.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599093/; classtype:trojan-activity;sid:84462193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.238.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599091/; classtype:trojan-activity;sid:84462191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.247.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599090/; classtype:trojan-activity;sid:84462190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.191.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599089/; classtype:trojan-activity;sid:84462189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.164.164"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599088/; classtype:trojan-activity;sid:84462188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.191.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599087/; classtype:trojan-activity;sid:84462187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.246.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599086/; classtype:trojan-activity;sid:84462186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.3.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599085/; classtype:trojan-activity;sid:84462185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.247.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599084/; classtype:trojan-activity;sid:84462184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.212.234"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599083/; classtype:trojan-activity;sid:84462183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599082/; classtype:trojan-activity;sid:84462182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.234.173"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599081/; classtype:trojan-activity;sid:84462181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.209.205"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599080/; classtype:trojan-activity;sid:84462180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.156.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599079/; classtype:trojan-activity;sid:84462179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.40.81.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599078/; classtype:trojan-activity;sid:84462178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.212.234"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599077/; classtype:trojan-activity;sid:84462177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.191.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599076/; classtype:trojan-activity;sid:84462176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.78.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599075/; classtype:trojan-activity;sid:84462175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.234.173"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599074/; classtype:trojan-activity;sid:84462174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.156.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599073/; classtype:trojan-activity;sid:84462173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.89.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599072/; classtype:trojan-activity;sid:84462172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.180.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599071/; classtype:trojan-activity;sid:84462171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.5.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599070/; classtype:trojan-activity;sid:84462170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.92.93.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599069/; classtype:trojan-activity;sid:84462169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.6.102"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599068/; classtype:trojan-activity;sid:84462168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599067/; classtype:trojan-activity;sid:84462167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599066/; classtype:trojan-activity;sid:84462166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599065/; classtype:trojan-activity;sid:84462165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599064/; classtype:trojan-activity;sid:84462164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599063/; classtype:trojan-activity;sid:84462163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599062/; classtype:trojan-activity;sid:84462162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599058/; classtype:trojan-activity;sid:84462158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599059/; classtype:trojan-activity;sid:84462159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599060/; classtype:trojan-activity;sid:84462160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"82.22.184.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599061/; classtype:trojan-activity;sid:84462161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.140.172"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599057/; classtype:trojan-activity;sid:84462157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.80.121.234"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599056/; classtype:trojan-activity;sid:84462156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.226.174.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599055/; classtype:trojan-activity;sid:84462155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.180.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599054/; classtype:trojan-activity;sid:84462154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.92.93.165"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599053/; classtype:trojan-activity;sid:84462153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.47.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599052/; classtype:trojan-activity;sid:84462152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.36.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599051/; classtype:trojan-activity;sid:84462151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.190.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599050/; classtype:trojan-activity;sid:84462150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.2.92"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599049/; classtype:trojan-activity;sid:84462149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.36.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599048/; classtype:trojan-activity;sid:84462148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.195.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599047/; classtype:trojan-activity;sid:84462147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.5.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599046/; classtype:trojan-activity;sid:84462146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.162.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599045/; classtype:trojan-activity;sid:84462145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.17"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599044/; classtype:trojan-activity;sid:84462144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.190.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599043/; classtype:trojan-activity;sid:84462143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.125.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599042/; classtype:trojan-activity;sid:84462142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.2.92"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599041/; classtype:trojan-activity;sid:84462141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.177.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599040/; classtype:trojan-activity;sid:84462140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.162.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599039/; classtype:trojan-activity;sid:84462139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.78.9"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599038/; classtype:trojan-activity;sid:84462138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.spc"; depth:8; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599037/; classtype:trojan-activity;sid:84462137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599032/; classtype:trojan-activity;sid:84462132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599033/; classtype:trojan-activity;sid:84462133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599034/; classtype:trojan-activity;sid:84462134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599035/; classtype:trojan-activity;sid:84462135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599036/; classtype:trojan-activity;sid:84462136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599019/; classtype:trojan-activity;sid:84462119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599020/; classtype:trojan-activity;sid:84462120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599021/; classtype:trojan-activity;sid:84462121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599022/; classtype:trojan-activity;sid:84462122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599023/; classtype:trojan-activity;sid:84462123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599024/; classtype:trojan-activity;sid:84462124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599025/; classtype:trojan-activity;sid:84462125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599026/; classtype:trojan-activity;sid:84462126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599027/; classtype:trojan-activity;sid:84462127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599028/; classtype:trojan-activity;sid:84462128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"64.72.205.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599029/; classtype:trojan-activity;sid:84462129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599030/; classtype:trojan-activity;sid:84462130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599031/; classtype:trojan-activity;sid:84462131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599018/; classtype:trojan-activity;sid:84462118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yiwyu/raw"; depth:10; endswith; nocase; http.host; content:"dpaste.org"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599017/; classtype:trojan-activity;sid:84462117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.191.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599016/; classtype:trojan-activity;sid:84462116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.201.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599015/; classtype:trojan-activity;sid:84462115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.43"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599014/; classtype:trojan-activity;sid:84462114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599008/; classtype:trojan-activity;sid:84462108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.mpsl"; depth:9; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599009/; classtype:trojan-activity;sid:84462109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.x86"; depth:8; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599010/; classtype:trojan-activity;sid:84462110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599011/; classtype:trojan-activity;sid:84462111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.x86_64"; depth:11; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599012/; classtype:trojan-activity;sid:84462112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.sh4"; depth:8; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599013/; classtype:trojan-activity;sid:84462113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598988/; classtype:trojan-activity;sid:84462088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598989/; classtype:trojan-activity;sid:84462089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598990/; classtype:trojan-activity;sid:84462090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598991/; classtype:trojan-activity;sid:84462091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598992/; classtype:trojan-activity;sid:84462092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598993/; classtype:trojan-activity;sid:84462093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598994/; classtype:trojan-activity;sid:84462094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598995/; classtype:trojan-activity;sid:84462095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.arm7"; depth:9; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598996/; classtype:trojan-activity;sid:84462096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.mips"; depth:9; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598997/; classtype:trojan-activity;sid:84462097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598998/; classtype:trojan-activity;sid:84462098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.sh"; depth:7; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598999/; classtype:trojan-activity;sid:84462099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599000/; classtype:trojan-activity;sid:84462100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599001/; classtype:trojan-activity;sid:84462101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.m68k"; depth:9; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599002/; classtype:trojan-activity;sid:84462102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.arm5"; depth:9; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599003/; classtype:trojan-activity;sid:84462103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599004/; classtype:trojan-activity;sid:84462104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.ppc"; depth:8; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599005/; classtype:trojan-activity;sid:84462105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.arm"; depth:8; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599006/; classtype:trojan-activity;sid:84462106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599007/; classtype:trojan-activity;sid:84462107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598984/; classtype:trojan-activity;sid:84462084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598985/; classtype:trojan-activity;sid:84462085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598986/; classtype:trojan-activity;sid:84462086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598987/; classtype:trojan-activity;sid:84462087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gay.arm6"; depth:9; endswith; nocase; http.host; content:"45.156.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598983/; classtype:trojan-activity;sid:84462083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598981/; classtype:trojan-activity;sid:84462081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598982/; classtype:trojan-activity;sid:84462082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598980/; classtype:trojan-activity;sid:84462080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.79.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598979/; classtype:trojan-activity;sid:84462079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/runtime.exe"; depth:20; endswith; nocase; http.host; content:"77.110.103.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598976/; classtype:trojan-activity;sid:84462076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/752795307/awjs9ng.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598977/; classtype:trojan-activity;sid:84462077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morp/output_image.bmp"; depth:22; endswith; nocase; http.host; content:"maxwallfoods.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598975/; classtype:trojan-activity;sid:84462075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.x86_64"; depth:18; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598970/; classtype:trojan-activity;sid:84462070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.armv4l"; depth:18; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598971/; classtype:trojan-activity;sid:84462071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morp/output_image.bmp"; depth:22; endswith; nocase; http.host; content:"maxwallfoods.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598972/; classtype:trojan-activity;sid:84462072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.armv7l"; depth:18; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598973/; classtype:trojan-activity;sid:84462073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7h45id.bmp"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598974/; classtype:trojan-activity;sid:84462074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.169.45.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598961/; classtype:trojan-activity;sid:84462061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/todos.bmp"; depth:16; endswith; nocase; http.host; content:"107.150.0.86"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598962/; classtype:trojan-activity;sid:84462062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.armv5l"; depth:18; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598963/; classtype:trojan-activity;sid:84462063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.powerpc"; depth:19; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598964/; classtype:trojan-activity;sid:84462064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.sparc"; depth:17; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598965/; classtype:trojan-activity;sid:84462065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.armv6l"; depth:18; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598966/; classtype:trojan-activity;sid:84462066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.sh4"; depth:15; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598967/; classtype:trojan-activity;sid:84462067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.mipsel"; depth:18; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598968/; classtype:trojan-activity;sid:84462068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/build.mips"; depth:16; endswith; nocase; http.host; content:"141.98.10.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598969/; classtype:trojan-activity;sid:84462069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7699731621/osqoy7q.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598960/; classtype:trojan-activity;sid:84462060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5765828710/ql2m7cr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598959/; classtype:trojan-activity;sid:84462059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output_image.bmp"; depth:17; endswith; nocase; http.host; content:"serverdata-cloud.cloud"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598958/; classtype:trojan-activity;sid:84462058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/777476257/nxvhpne.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598955/; classtype:trojan-activity;sid:84462055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7717483630/wfatnlz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598956/; classtype:trojan-activity;sid:84462056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7382018045/erm2ns5.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598957/; classtype:trojan-activity;sid:84462057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.78.24"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598954/; classtype:trojan-activity;sid:84462054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.49.65"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598953/; classtype:trojan-activity;sid:84462053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.222.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598952/; classtype:trojan-activity;sid:84462052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.209.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598951/; classtype:trojan-activity;sid:84462051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.169.45.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598950/; classtype:trojan-activity;sid:84462050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.43"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598949/; classtype:trojan-activity;sid:84462049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.121.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598947/; classtype:trojan-activity;sid:84462047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.122.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598948/; classtype:trojan-activity;sid:84462048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.181.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598946/; classtype:trojan-activity;sid:84462046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.222.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598945/; classtype:trojan-activity;sid:84462045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.90.29.51"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598944/; classtype:trojan-activity;sid:84462044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.233.182"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598943/; classtype:trojan-activity;sid:84462043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.209.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598942/; classtype:trojan-activity;sid:84462042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.122.235"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598941/; classtype:trojan-activity;sid:84462041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.121.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598940/; classtype:trojan-activity;sid:84462040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.181.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598939/; classtype:trojan-activity;sid:84462039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.26.125"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598938/; classtype:trojan-activity;sid:84462038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.125"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598937/; classtype:trojan-activity;sid:84462037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.198.129.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598936/; classtype:trojan-activity;sid:84462036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.90.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598934/; classtype:trojan-activity;sid:84462034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.247"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598935/; classtype:trojan-activity;sid:84462035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.160.225"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598933/; classtype:trojan-activity;sid:84462033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.110.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598932/; classtype:trojan-activity;sid:84462032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.129.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598931/; classtype:trojan-activity;sid:84462031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.7.247"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598930/; classtype:trojan-activity;sid:84462030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.44.14"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598929/; classtype:trojan-activity;sid:84462029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.241.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598928/; classtype:trojan-activity;sid:84462028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.90.210"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598927/; classtype:trojan-activity;sid:84462027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.26.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598926/; classtype:trojan-activity;sid:84462026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.44.14"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598925/; classtype:trojan-activity;sid:84462025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.241.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598924/; classtype:trojan-activity;sid:84462024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598923/; classtype:trojan-activity;sid:84462023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.82.77"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598922/; classtype:trojan-activity;sid:84462022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598921/; classtype:trojan-activity;sid:84462021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598920/; classtype:trojan-activity;sid:84462020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.102.79.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598919/; classtype:trojan-activity;sid:84462019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.82.77"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598918/; classtype:trojan-activity;sid:84462018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.148.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598917/; classtype:trojan-activity;sid:84462017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.189.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598916/; classtype:trojan-activity;sid:84462016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.132.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598915/; classtype:trojan-activity;sid:84462015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.109.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598914/; classtype:trojan-activity;sid:84462014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.197.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598913/; classtype:trojan-activity;sid:84462013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"45.8.145.215"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598910/; classtype:trojan-activity;sid:84462010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.162.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598911/; classtype:trojan-activity;sid:84462011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.151.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598912/; classtype:trojan-activity;sid:84462012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.189.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598909/; classtype:trojan-activity;sid:84462009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.132.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598908/; classtype:trojan-activity;sid:84462008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.51.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598906/; classtype:trojan-activity;sid:84462006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.109.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598907/; classtype:trojan-activity;sid:84462007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.232.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598905/; classtype:trojan-activity;sid:84462005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.188.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598904/; classtype:trojan-activity;sid:84462004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.232.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598903/; classtype:trojan-activity;sid:84462003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598898/; classtype:trojan-activity;sid:84461998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598899/; classtype:trojan-activity;sid:84461999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598900/; classtype:trojan-activity;sid:84462000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598901/; classtype:trojan-activity;sid:84462001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598902/; classtype:trojan-activity;sid:84462002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598897/; classtype:trojan-activity;sid:84461997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598896/; classtype:trojan-activity;sid:84461996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598895/; classtype:trojan-activity;sid:84461995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598892/; classtype:trojan-activity;sid:84461992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598893/; classtype:trojan-activity;sid:84461993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"176.65.148.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598894/; classtype:trojan-activity;sid:84461994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.65.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598891/; classtype:trojan-activity;sid:84461991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.118.52.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598890/; classtype:trojan-activity;sid:84461990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598889/; classtype:trojan-activity;sid:84461989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.185.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598887/; classtype:trojan-activity;sid:84461987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.191.132"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598888/; classtype:trojan-activity;sid:84461988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598886/; classtype:trojan-activity;sid:84461986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.83.206"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598885/; classtype:trojan-activity;sid:84461985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.105.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598884/; classtype:trojan-activity;sid:84461984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.89.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598883/; classtype:trojan-activity;sid:84461983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.12.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598882/; classtype:trojan-activity;sid:84461982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.47.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598881/; classtype:trojan-activity;sid:84461981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.83.206"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598880/; classtype:trojan-activity;sid:84461980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.185.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598879/; classtype:trojan-activity;sid:84461979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.105.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598878/; classtype:trojan-activity;sid:84461978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.12.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598877/; classtype:trojan-activity;sid:84461977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.130.125"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598876/; classtype:trojan-activity;sid:84461976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.4.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598875/; classtype:trojan-activity;sid:84461975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.47.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598874/; classtype:trojan-activity;sid:84461974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.115.40"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598873/; classtype:trojan-activity;sid:84461973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.37.162"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598872/; classtype:trojan-activity;sid:84461972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.176.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598871/; classtype:trojan-activity;sid:84461971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.130.125"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598870/; classtype:trojan-activity;sid:84461970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.130"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598869/; classtype:trojan-activity;sid:84461969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.37.162"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598868/; classtype:trojan-activity;sid:84461968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.207.28"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598867/; classtype:trojan-activity;sid:84461967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.176.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3598866/; classtype:trojan-activity;sid:84461966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.213.243"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598865/; classtype:trojan-activity;sid:84461965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.236.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598864/; classtype:trojan-activity;sid:84461964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598863/; classtype:trojan-activity;sid:84461963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.214.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598862/; classtype:trojan-activity;sid:84461962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.231.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598861/; classtype:trojan-activity;sid:84461961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.4.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598860/; classtype:trojan-activity;sid:84461960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.127.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598859/; classtype:trojan-activity;sid:84461959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.45.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598858/; classtype:trojan-activity;sid:84461958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598857/; classtype:trojan-activity;sid:84461957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.127.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598855/; classtype:trojan-activity;sid:84461955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.83.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598856/; classtype:trojan-activity;sid:84461956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.83.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598854/; classtype:trojan-activity;sid:84461954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.45.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598853/; classtype:trojan-activity;sid:84461953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.187.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598852/; classtype:trojan-activity;sid:84461952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.98.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598851/; classtype:trojan-activity;sid:84461951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598850/; classtype:trojan-activity;sid:84461950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.180.116"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598849/; classtype:trojan-activity;sid:84461949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.226.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598848/; classtype:trojan-activity;sid:84461948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598847/; classtype:trojan-activity;sid:84461947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.187.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598846/; classtype:trojan-activity;sid:84461946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.226.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598845/; classtype:trojan-activity;sid:84461945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.98.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598844/; classtype:trojan-activity;sid:84461944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.248.37.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598843/; classtype:trojan-activity;sid:84461943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.11.77"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598842/; classtype:trojan-activity;sid:84461942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.218.2"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598841/; classtype:trojan-activity;sid:84461941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598840/; classtype:trojan-activity;sid:84461940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.179.228.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598839/; classtype:trojan-activity;sid:84461939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.228.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598838/; classtype:trojan-activity;sid:84461938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.65.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598837/; classtype:trojan-activity;sid:84461937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.4"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598836/; classtype:trojan-activity;sid:84461936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.85.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598835/; classtype:trojan-activity;sid:84461935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.11.77"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598834/; classtype:trojan-activity;sid:84461934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598833/; classtype:trojan-activity;sid:84461933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598832/; classtype:trojan-activity;sid:84461932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.113.188"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598831/; classtype:trojan-activity;sid:84461931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.218.2"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598830/; classtype:trojan-activity;sid:84461930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.49.65"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598829/; classtype:trojan-activity;sid:84461929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.246.71.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598828/; classtype:trojan-activity;sid:84461928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.113.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598827/; classtype:trojan-activity;sid:84461927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.113.188"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598826/; classtype:trojan-activity;sid:84461926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.229.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598825/; classtype:trojan-activity;sid:84461925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.164.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598824/; classtype:trojan-activity;sid:84461924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.188.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598823/; classtype:trojan-activity;sid:84461923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.38.245.143"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598822/; classtype:trojan-activity;sid:84461922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.149.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598821/; classtype:trojan-activity;sid:84461921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.207.28"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598819/; classtype:trojan-activity;sid:84461919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.164.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598820/; classtype:trojan-activity;sid:84461920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.116.186"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598818/; classtype:trojan-activity;sid:84461918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.246.71.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598817/; classtype:trojan-activity;sid:84461917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"54.89.193.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598815/; classtype:trojan-activity;sid:84461915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.214.172.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598816/; classtype:trojan-activity;sid:84461916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.29.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598814/; classtype:trojan-activity;sid:84461914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"111.229.151.200"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598813/; classtype:trojan-activity;sid:84461913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.43.18.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598811/; classtype:trojan-activity;sid:84461911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"98.142.241.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598812/; classtype:trojan-activity;sid:84461912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.208.90.43"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598810/; classtype:trojan-activity;sid:84461910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.165.185.115"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598809/; classtype:trojan-activity;sid:84461909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.157.28.21"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598808/; classtype:trojan-activity;sid:84461908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.177.175.43"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598807/; classtype:trojan-activity;sid:84461907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.233.179.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598805/; classtype:trojan-activity;sid:84461905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.73.82.226"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598806/; classtype:trojan-activity;sid:84461906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.150.133.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598801/; classtype:trojan-activity;sid:84461901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.116.85.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598802/; classtype:trojan-activity;sid:84461902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.30.38.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598803/; classtype:trojan-activity;sid:84461903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.121.69.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598804/; classtype:trojan-activity;sid:84461904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.73.162.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598800/; classtype:trojan-activity;sid:84461900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.235.236.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598795/; classtype:trojan-activity;sid:84461895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"60.43.125.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598796/; classtype:trojan-activity;sid:84461896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"42.119.96.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598797/; classtype:trojan-activity;sid:84461897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.164.199.191"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598798/; classtype:trojan-activity;sid:84461898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"183.185.252.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598799/; classtype:trojan-activity;sid:84461899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"94.44.136.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598790/; classtype:trojan-activity;sid:84461890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.119.248"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598791/; classtype:trojan-activity;sid:84461891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"152.173.221.97"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598792/; classtype:trojan-activity;sid:84461892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.103.42"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598793/; classtype:trojan-activity;sid:84461893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.185.118.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598794/; classtype:trojan-activity;sid:84461894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.170.186"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598786/; classtype:trojan-activity;sid:84461886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.137.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598787/; classtype:trojan-activity;sid:84461887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598788/; classtype:trojan-activity;sid:84461888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.158.243"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598789/; classtype:trojan-activity;sid:84461889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.51.179.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598785/; classtype:trojan-activity;sid:84461885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.99.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598784/; classtype:trojan-activity;sid:84461884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.220.154.162"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598783/; classtype:trojan-activity;sid:84461883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.229.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598782/; classtype:trojan-activity;sid:84461882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.29.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598781/; classtype:trojan-activity;sid:84461881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598780/; classtype:trojan-activity;sid:84461880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.15.172"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598779/; classtype:trojan-activity;sid:84461879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.67.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598778/; classtype:trojan-activity;sid:84461878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.99.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598777/; classtype:trojan-activity;sid:84461877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.136.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598776/; classtype:trojan-activity;sid:84461876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.103.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598775/; classtype:trojan-activity;sid:84461875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.244"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598773/; classtype:trojan-activity;sid:84461873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.154.162"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598774/; classtype:trojan-activity;sid:84461874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.103.35"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598772/; classtype:trojan-activity;sid:84461872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.90.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598771/; classtype:trojan-activity;sid:84461871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598770/; classtype:trojan-activity;sid:84461870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.229.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598769/; classtype:trojan-activity;sid:84461869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.136.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598768/; classtype:trojan-activity;sid:84461868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.171.219.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598767/; classtype:trojan-activity;sid:84461867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.90.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598766/; classtype:trojan-activity;sid:84461866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598765/; classtype:trojan-activity;sid:84461865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.91.143"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598764/; classtype:trojan-activity;sid:84461864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.85.56"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598763/; classtype:trojan-activity;sid:84461863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598762/; classtype:trojan-activity;sid:84461862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.44"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598761/; classtype:trojan-activity;sid:84461861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.214.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598760/; classtype:trojan-activity;sid:84461860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.85.56"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598759/; classtype:trojan-activity;sid:84461859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.229.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598758/; classtype:trojan-activity;sid:84461858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.37.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598757/; classtype:trojan-activity;sid:84461857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598756/; classtype:trojan-activity;sid:84461856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.125"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598755/; classtype:trojan-activity;sid:84461855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.9.19"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598754/; classtype:trojan-activity;sid:84461854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.111.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598753/; classtype:trojan-activity;sid:84461853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.146.245.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598752/; classtype:trojan-activity;sid:84461852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.9.19"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598751/; classtype:trojan-activity;sid:84461851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.125"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598750/; classtype:trojan-activity;sid:84461850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cv/optimized_msi.png"; depth:27; endswith; nocase; http.host; content:"198.55.102.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598749/; classtype:trojan-activity;sid:84461849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_6303d8d21cd347309ec5d1a795c12652.txt"; depth:45; endswith; nocase; http.host; content:"198.55.102.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598748/; classtype:trojan-activity;sid:84461848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_da90ceb22ec2484da19c49e0cbc4b372.txt"; depth:45; endswith; nocase; http.host; content:"198.55.102.200"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598747/; classtype:trojan-activity;sid:84461847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.242.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598746/; classtype:trojan-activity;sid:84461846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598745/; classtype:trojan-activity;sid:84461845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.111.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598744/; classtype:trojan-activity;sid:84461844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.146.245.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598743/; classtype:trojan-activity;sid:84461843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598742/; classtype:trojan-activity;sid:84461842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.70"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598741/; classtype:trojan-activity;sid:84461841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.225.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598740/; classtype:trojan-activity;sid:84461840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.24.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598739/; classtype:trojan-activity;sid:84461839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.9.34.23"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598738/; classtype:trojan-activity;sid:84461838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.217.225"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598737/; classtype:trojan-activity;sid:84461837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.107.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598736/; classtype:trojan-activity;sid:84461836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.102.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598735/; classtype:trojan-activity;sid:84461835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.93.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598734/; classtype:trojan-activity;sid:84461834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.225.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598733/; classtype:trojan-activity;sid:84461833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.217.225"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598732/; classtype:trojan-activity;sid:84461832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598731/; classtype:trojan-activity;sid:84461831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atomips"; depth:15; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598730/; classtype:trojan-activity;sid:84461830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atompsl"; depth:15; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598729/; classtype:trojan-activity;sid:84461829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atosh4"; depth:14; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598727/; classtype:trojan-activity;sid:84461827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atox64"; depth:14; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598728/; classtype:trojan-activity;sid:84461828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoppc"; depth:14; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598720/; classtype:trojan-activity;sid:84461820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm"; depth:14; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598721/; classtype:trojan-activity;sid:84461821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atom68k"; depth:15; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598722/; classtype:trojan-activity;sid:84461822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm5"; depth:15; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598723/; classtype:trojan-activity;sid:84461823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm6"; depth:15; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598724/; classtype:trojan-activity;sid:84461824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598725/; classtype:trojan-activity;sid:84461825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atospc"; depth:14; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598726/; classtype:trojan-activity;sid:84461826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm7"; depth:15; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598718/; classtype:trojan-activity;sid:84461818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atox86"; depth:14; endswith; nocase; http.host; content:"phpmyadmin.hebergement.ml-shop-fr.com"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598719/; classtype:trojan-activity;sid:84461819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/752795307/ml43hc6.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598717/; classtype:trojan-activity;sid:84461817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7382018045/vsvvib9.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598716/; classtype:trojan-activity;sid:84461816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5938104219/48qkwkr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598715/; classtype:trojan-activity;sid:84461815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598714/; classtype:trojan-activity;sid:84461814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.40"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598713/; classtype:trojan-activity;sid:84461813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598707/; classtype:trojan-activity;sid:84461807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598708/; classtype:trojan-activity;sid:84461808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598709/; classtype:trojan-activity;sid:84461809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598710/; classtype:trojan-activity;sid:84461810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arc"; depth:8; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598711/; classtype:trojan-activity;sid:84461811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.powerpc"; depth:12; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598712/; classtype:trojan-activity;sid:84461812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598703/; classtype:trojan-activity;sid:84461803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598704/; classtype:trojan-activity;sid:84461804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598705/; classtype:trojan-activity;sid:84461805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598706/; classtype:trojan-activity;sid:84461806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i686"; depth:9; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598699/; classtype:trojan-activity;sid:84461799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sparc"; depth:10; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598700/; classtype:trojan-activity;sid:84461800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598701/; classtype:trojan-activity;sid:84461801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_32"; depth:11; endswith; nocase; http.host; content:"botnetszx.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598702/; classtype:trojan-activity;sid:84461802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.9.34.23"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598698/; classtype:trojan-activity;sid:84461798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598689/; classtype:trojan-activity;sid:84461789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598690/; classtype:trojan-activity;sid:84461790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598691/; classtype:trojan-activity;sid:84461791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598692/; classtype:trojan-activity;sid:84461792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598693/; classtype:trojan-activity;sid:84461793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.191.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598694/; classtype:trojan-activity;sid:84461794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.168.209"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598695/; classtype:trojan-activity;sid:84461795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.207.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598696/; classtype:trojan-activity;sid:84461796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598697/; classtype:trojan-activity;sid:84461797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.powerpc"; depth:12; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598686/; classtype:trojan-activity;sid:84461786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598687/; classtype:trojan-activity;sid:84461787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sparc"; depth:10; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598688/; classtype:trojan-activity;sid:84461788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i686"; depth:9; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598683/; classtype:trojan-activity;sid:84461783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arc"; depth:8; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598684/; classtype:trojan-activity;sid:84461784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_32"; depth:11; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598685/; classtype:trojan-activity;sid:84461785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598681/; classtype:trojan-activity;sid:84461781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598682/; classtype:trojan-activity;sid:84461782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598680/; classtype:trojan-activity;sid:84461780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598674/; classtype:trojan-activity;sid:84461774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598675/; classtype:trojan-activity;sid:84461775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598676/; classtype:trojan-activity;sid:84461776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598677/; classtype:trojan-activity;sid:84461777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598678/; classtype:trojan-activity;sid:84461778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"mc.horror1010.64bit.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598679/; classtype:trojan-activity;sid:84461779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.209.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598673/; classtype:trojan-activity;sid:84461773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.13.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598672/; classtype:trojan-activity;sid:84461772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598671/; classtype:trojan-activity;sid:84461771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.168.209"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598670/; classtype:trojan-activity;sid:84461770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.183.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598669/; classtype:trojan-activity;sid:84461769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.209.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598668/; classtype:trojan-activity;sid:84461768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.253.220"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598667/; classtype:trojan-activity;sid:84461767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.13.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598666/; classtype:trojan-activity;sid:84461766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598665/; classtype:trojan-activity;sid:84461765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598663/; classtype:trojan-activity;sid:84461763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598664/; classtype:trojan-activity;sid:84461764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.134.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598662/; classtype:trojan-activity;sid:84461762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598659/; classtype:trojan-activity;sid:84461759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598660/; classtype:trojan-activity;sid:84461760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598661/; classtype:trojan-activity;sid:84461761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.154.118"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598658/; classtype:trojan-activity;sid:84461758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598655/; classtype:trojan-activity;sid:84461755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598656/; classtype:trojan-activity;sid:84461756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598657/; classtype:trojan-activity;sid:84461757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.152.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598654/; classtype:trojan-activity;sid:84461754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.190.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598647/; classtype:trojan-activity;sid:84461747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.23.175"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598648/; classtype:trojan-activity;sid:84461748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.109.200.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598649/; classtype:trojan-activity;sid:84461749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598650/; classtype:trojan-activity;sid:84461750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.225.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598651/; classtype:trojan-activity;sid:84461751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.8.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598652/; classtype:trojan-activity;sid:84461752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.86.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598653/; classtype:trojan-activity;sid:84461753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"172.94.95.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598642/; classtype:trojan-activity;sid:84461742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.140.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598643/; classtype:trojan-activity;sid:84461743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598644/; classtype:trojan-activity;sid:84461744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"167.172.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598645/; classtype:trojan-activity;sid:84461745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.217.54"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598646/; classtype:trojan-activity;sid:84461746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.37.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598640/; classtype:trojan-activity;sid:84461740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.255.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598641/; classtype:trojan-activity;sid:84461741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.134.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598639/; classtype:trojan-activity;sid:84461739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.223.188"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598638/; classtype:trojan-activity;sid:84461738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.86.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598637/; classtype:trojan-activity;sid:84461737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598636/; classtype:trojan-activity;sid:84461736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.112.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598635/; classtype:trojan-activity;sid:84461735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598624/; classtype:trojan-activity;sid:84461724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.200.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598625/; classtype:trojan-activity;sid:84461725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/root"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598626/; classtype:trojan-activity;sid:84461726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/sh4"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598627/; classtype:trojan-activity;sid:84461727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/ppc"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598628/; classtype:trojan-activity;sid:84461728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/m68k"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598629/; classtype:trojan-activity;sid:84461729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mpsl"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598630/; classtype:trojan-activity;sid:84461730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/spc"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598631/; classtype:trojan-activity;sid:84461731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/1.sh"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598632/; classtype:trojan-activity;sid:84461732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm6"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598633/; classtype:trojan-activity;sid:84461733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.231.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598634/; classtype:trojan-activity;sid:84461734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arm7"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598623/; classtype:trojan-activity;sid:84461723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.208.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598622/; classtype:trojan-activity;sid:84461722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.21.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598616/; classtype:trojan-activity;sid:84461716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/yarn"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598617/; classtype:trojan-activity;sid:84461717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/rtk"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598618/; classtype:trojan-activity;sid:84461718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.255.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598619/; classtype:trojan-activity;sid:84461719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/zte"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598620/; classtype:trojan-activity;sid:84461720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/arc"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598621/; classtype:trojan-activity;sid:84461721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598614/; classtype:trojan-activity;sid:84461714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598615/; classtype:trojan-activity;sid:84461715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598613/; classtype:trojan-activity;sid:84461713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598612/; classtype:trojan-activity;sid:84461712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598611/; classtype:trojan-activity;sid:84461711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598610/; classtype:trojan-activity;sid:84461710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598609/; classtype:trojan-activity;sid:84461709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598606/; classtype:trojan-activity;sid:84461706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598607/; classtype:trojan-activity;sid:84461707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598608/; classtype:trojan-activity;sid:84461708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598595/; classtype:trojan-activity;sid:84461695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.0.136.205"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598596/; classtype:trojan-activity;sid:84461696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598597/; classtype:trojan-activity;sid:84461697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598598/; classtype:trojan-activity;sid:84461698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598599/; classtype:trojan-activity;sid:84461699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598600/; classtype:trojan-activity;sid:84461700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598601/; classtype:trojan-activity;sid:84461701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598602/; classtype:trojan-activity;sid:84461702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598603/; classtype:trojan-activity;sid:84461703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598604/; classtype:trojan-activity;sid:84461704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598605/; classtype:trojan-activity;sid:84461705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598590/; classtype:trojan-activity;sid:84461690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598591/; classtype:trojan-activity;sid:84461691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598592/; classtype:trojan-activity;sid:84461692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598593/; classtype:trojan-activity;sid:84461693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598594/; classtype:trojan-activity;sid:84461694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598585/; classtype:trojan-activity;sid:84461685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598586/; classtype:trojan-activity;sid:84461686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598587/; classtype:trojan-activity;sid:84461687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598588/; classtype:trojan-activity;sid:84461688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598589/; classtype:trojan-activity;sid:84461689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598578/; classtype:trojan-activity;sid:84461678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598579/; classtype:trojan-activity;sid:84461679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598580/; classtype:trojan-activity;sid:84461680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598581/; classtype:trojan-activity;sid:84461681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598582/; classtype:trojan-activity;sid:84461682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598583/; classtype:trojan-activity;sid:84461683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598584/; classtype:trojan-activity;sid:84461684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598572/; classtype:trojan-activity;sid:84461672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598573/; classtype:trojan-activity;sid:84461673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598574/; classtype:trojan-activity;sid:84461674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598575/; classtype:trojan-activity;sid:84461675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598576/; classtype:trojan-activity;sid:84461676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598577/; classtype:trojan-activity;sid:84461677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598570/; classtype:trojan-activity;sid:84461670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598571/; classtype:trojan-activity;sid:84461671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598567/; classtype:trojan-activity;sid:84461667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598568/; classtype:trojan-activity;sid:84461668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598569/; classtype:trojan-activity;sid:84461669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598563/; classtype:trojan-activity;sid:84461663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598564/; classtype:trojan-activity;sid:84461664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598565/; classtype:trojan-activity;sid:84461665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598566/; classtype:trojan-activity;sid:84461666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598558/; classtype:trojan-activity;sid:84461658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598559/; classtype:trojan-activity;sid:84461659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598560/; classtype:trojan-activity;sid:84461660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598561/; classtype:trojan-activity;sid:84461661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598562/; classtype:trojan-activity;sid:84461662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598557/; classtype:trojan-activity;sid:84461657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598556/; classtype:trojan-activity;sid:84461656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598555/; classtype:trojan-activity;sid:84461655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598554/; classtype:trojan-activity;sid:84461654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598553/; classtype:trojan-activity;sid:84461653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598552/; classtype:trojan-activity;sid:84461652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598551/; classtype:trojan-activity;sid:84461651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598545/; classtype:trojan-activity;sid:84461645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598546/; classtype:trojan-activity;sid:84461646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.106.42"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598547/; classtype:trojan-activity;sid:84461647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.162.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598548/; classtype:trojan-activity;sid:84461648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598549/; classtype:trojan-activity;sid:84461649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598550/; classtype:trojan-activity;sid:84461650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598537/; classtype:trojan-activity;sid:84461637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598538/; classtype:trojan-activity;sid:84461638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598539/; classtype:trojan-activity;sid:84461639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598540/; classtype:trojan-activity;sid:84461640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598541/; classtype:trojan-activity;sid:84461641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598542/; classtype:trojan-activity;sid:84461642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598543/; classtype:trojan-activity;sid:84461643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598544/; classtype:trojan-activity;sid:84461644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598529/; classtype:trojan-activity;sid:84461629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598530/; classtype:trojan-activity;sid:84461630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598531/; classtype:trojan-activity;sid:84461631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598532/; classtype:trojan-activity;sid:84461632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598533/; classtype:trojan-activity;sid:84461633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598534/; classtype:trojan-activity;sid:84461634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598535/; classtype:trojan-activity;sid:84461635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598536/; classtype:trojan-activity;sid:84461636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598520/; classtype:trojan-activity;sid:84461620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598521/; classtype:trojan-activity;sid:84461621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598522/; classtype:trojan-activity;sid:84461622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598523/; classtype:trojan-activity;sid:84461623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598524/; classtype:trojan-activity;sid:84461624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598525/; classtype:trojan-activity;sid:84461625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598526/; classtype:trojan-activity;sid:84461626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598527/; classtype:trojan-activity;sid:84461627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598528/; classtype:trojan-activity;sid:84461628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598518/; classtype:trojan-activity;sid:84461618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598519/; classtype:trojan-activity;sid:84461619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598513/; classtype:trojan-activity;sid:84461613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598514/; classtype:trojan-activity;sid:84461614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598515/; classtype:trojan-activity;sid:84461615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598516/; classtype:trojan-activity;sid:84461616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598517/; classtype:trojan-activity;sid:84461617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598512/; classtype:trojan-activity;sid:84461612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598504/; classtype:trojan-activity;sid:84461604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598505/; classtype:trojan-activity;sid:84461605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598506/; classtype:trojan-activity;sid:84461606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"taizi.fdstat.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598507/; classtype:trojan-activity;sid:84461607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598508/; classtype:trojan-activity;sid:84461608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"fdstat.vip"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598509/; classtype:trojan-activity;sid:84461609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"scan.fdstat.vip"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598510/; classtype:trojan-activity;sid:84461610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598511/; classtype:trojan-activity;sid:84461611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"ccn.fdstat.vip"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598503/; classtype:trojan-activity;sid:84461603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.127.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598502/; classtype:trojan-activity;sid:84461602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bpkyjaubb.txt"; depth:14; endswith; nocase; http.host; content:"196.251.86.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598501/; classtype:trojan-activity;sid:84461601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598496/; classtype:trojan-activity;sid:84461596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598497/; classtype:trojan-activity;sid:84461597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598498/; classtype:trojan-activity;sid:84461598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598499/; classtype:trojan-activity;sid:84461599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598500/; classtype:trojan-activity;sid:84461600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598495/; classtype:trojan-activity;sid:84461595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598492/; classtype:trojan-activity;sid:84461592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598493/; classtype:trojan-activity;sid:84461593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598494/; classtype:trojan-activity;sid:84461594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598489/; classtype:trojan-activity;sid:84461589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598490/; classtype:trojan-activity;sid:84461590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598491/; classtype:trojan-activity;sid:84461591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598488/; classtype:trojan-activity;sid:84461588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598487/; classtype:trojan-activity;sid:84461587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598485/; classtype:trojan-activity;sid:84461585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.56.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598486/; classtype:trojan-activity;sid:84461586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86"; depth:16; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598484/; classtype:trojan-activity;sid:84461584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.ppc"; depth:16; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598483/; classtype:trojan-activity;sid:84461583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598481/; classtype:trojan-activity;sid:84461581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598482/; classtype:trojan-activity;sid:84461582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i686"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598477/; classtype:trojan-activity;sid:84461577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.sh4"; depth:12; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598478/; classtype:trojan-activity;sid:84461578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598479/; classtype:trojan-activity;sid:84461579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i486"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598480/; classtype:trojan-activity;sid:84461580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598449/; classtype:trojan-activity;sid:84461549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598450/; classtype:trojan-activity;sid:84461550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.spc"; depth:16; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598451/; classtype:trojan-activity;sid:84461551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598452/; classtype:trojan-activity;sid:84461552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598453/; classtype:trojan-activity;sid:84461553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm6"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598454/; classtype:trojan-activity;sid:84461554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598455/; classtype:trojan-activity;sid:84461555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.mpsl"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598456/; classtype:trojan-activity;sid:84461556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm5"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598457/; classtype:trojan-activity;sid:84461557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.m68k"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598458/; classtype:trojan-activity;sid:84461558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm"; depth:16; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598459/; classtype:trojan-activity;sid:84461559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598460/; classtype:trojan-activity;sid:84461560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598461/; classtype:trojan-activity;sid:84461561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598462/; classtype:trojan-activity;sid:84461562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86_64"; depth:19; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598463/; classtype:trojan-activity;sid:84461563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598464/; classtype:trojan-activity;sid:84461564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598465/; classtype:trojan-activity;sid:84461565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598466/; classtype:trojan-activity;sid:84461566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm7"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598467/; classtype:trojan-activity;sid:84461567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598468/; classtype:trojan-activity;sid:84461568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598469/; classtype:trojan-activity;sid:84461569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598470/; classtype:trojan-activity;sid:84461570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i386"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598471/; classtype:trojan-activity;sid:84461571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arc"; depth:16; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598472/; classtype:trojan-activity;sid:84461572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598473/; classtype:trojan-activity;sid:84461573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598474/; classtype:trojan-activity;sid:84461574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i586"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598475/; classtype:trojan-activity;sid:84461575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598476/; classtype:trojan-activity;sid:84461576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598443/; classtype:trojan-activity;sid:84461543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598444/; classtype:trojan-activity;sid:84461544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598445/; classtype:trojan-activity;sid:84461545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86-debug"; depth:22; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598446/; classtype:trojan-activity;sid:84461546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.mips"; depth:17; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598447/; classtype:trojan-activity;sid:84461547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598448/; classtype:trojan-activity;sid:84461548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86-debug"; depth:28; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598441/; classtype:trojan-activity;sid:84461541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"raw.vaticanc2.top"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598442/; classtype:trojan-activity;sid:84461542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.106.42"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598440/; classtype:trojan-activity;sid:84461540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.132.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598439/; classtype:trojan-activity;sid:84461539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598436/; classtype:trojan-activity;sid:84461536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.194.118"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598437/; classtype:trojan-activity;sid:84461537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.5.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598438/; classtype:trojan-activity;sid:84461538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598419/; classtype:trojan-activity;sid:84461519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598420/; classtype:trojan-activity;sid:84461520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598421/; classtype:trojan-activity;sid:84461521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598422/; classtype:trojan-activity;sid:84461522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598423/; classtype:trojan-activity;sid:84461523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598424/; classtype:trojan-activity;sid:84461524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598425/; classtype:trojan-activity;sid:84461525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598426/; classtype:trojan-activity;sid:84461526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598427/; classtype:trojan-activity;sid:84461527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598428/; classtype:trojan-activity;sid:84461528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598429/; classtype:trojan-activity;sid:84461529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598430/; classtype:trojan-activity;sid:84461530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598431/; classtype:trojan-activity;sid:84461531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598432/; classtype:trojan-activity;sid:84461532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598433/; classtype:trojan-activity;sid:84461533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598434/; classtype:trojan-activity;sid:84461534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598435/; classtype:trojan-activity;sid:84461535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598417/; classtype:trojan-activity;sid:84461517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598418/; classtype:trojan-activity;sid:84461518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598416/; classtype:trojan-activity;sid:84461516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/debug"; depth:21; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598415/; classtype:trojan-activity;sid:84461515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598409/; classtype:trojan-activity;sid:84461509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598410/; classtype:trojan-activity;sid:84461510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598411/; classtype:trojan-activity;sid:84461511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598412/; classtype:trojan-activity;sid:84461512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598413/; classtype:trojan-activity;sid:84461513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598414/; classtype:trojan-activity;sid:84461514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598407/; classtype:trojan-activity;sid:84461507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598408/; classtype:trojan-activity;sid:84461508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598404/; classtype:trojan-activity;sid:84461504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598405/; classtype:trojan-activity;sid:84461505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"boatn1941.ddns.net"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598406/; classtype:trojan-activity;sid:84461506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598403/; classtype:trojan-activity;sid:84461503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.182.246"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598402/; classtype:trojan-activity;sid:84461502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.127.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598401/; classtype:trojan-activity;sid:84461501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598400/; classtype:trojan-activity;sid:84461500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab.sh"; depth:6; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598399/; classtype:trojan-activity;sid:84461499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598398/; classtype:trojan-activity;sid:84461498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598395/; classtype:trojan-activity;sid:84461495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598396/; classtype:trojan-activity;sid:84461496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm4"; depth:9; endswith; nocase; http.host; content:"66.63.187.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598397/; classtype:trojan-activity;sid:84461497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.182.246"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598393/; classtype:trojan-activity;sid:84461493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.67.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598394/; classtype:trojan-activity;sid:84461494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.183.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598392/; classtype:trojan-activity;sid:84461492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.139.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598391/; classtype:trojan-activity;sid:84461491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598390/; classtype:trojan-activity;sid:84461490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598389/; classtype:trojan-activity;sid:84461489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_spc"; depth:9; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598388/; classtype:trojan-activity;sid:84461488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598387/; classtype:trojan-activity;sid:84461487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123.sh"; depth:7; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598385/; classtype:trojan-activity;sid:84461485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598386/; classtype:trojan-activity;sid:84461486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598384/; classtype:trojan-activity;sid:84461484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598383/; classtype:trojan-activity;sid:84461483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598381/; classtype:trojan-activity;sid:84461481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598382/; classtype:trojan-activity;sid:84461482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598377/; classtype:trojan-activity;sid:84461477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598378/; classtype:trojan-activity;sid:84461478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598379/; classtype:trojan-activity;sid:84461479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598380/; classtype:trojan-activity;sid:84461480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"botnet.eu.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598376/; classtype:trojan-activity;sid:84461476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.190.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598374/; classtype:trojan-activity;sid:84461474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14/items/msi_20250801/msi.png"; depth:30; endswith; nocase; http.host; content:"ia903206.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598373/; classtype:trojan-activity;sid:84461473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.183.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598372/; classtype:trojan-activity;sid:84461472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/oqm845xl/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598371/; classtype:trojan-activity;sid:84461471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm5"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598369/; classtype:trojan-activity;sid:84461469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/get|3f|filekey=4mg89gp3e7akkcwqqgvgxbd3tchcqzcuiqrhll9-zvzyei1qckcwr6w|7c|26|7c|skipreg=true|7c|26|7c|pk_vid=31b70f9689ef41a717539904678784ad/"; depth:152; endswith; nocase; http.host; content:"1005.filemail.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598370/; classtype:trojan-activity;sid:84461470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/q9iwqaza/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598368/; classtype:trojan-activity;sid:84461468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/233/caree/wennedrightpersontoanswerforbestfeautrestogivenmebest_________wennedrightpersontoanswerforbestfeautrestogivenmebest________wennedrightpersontoanswerforbestfeautrestogivenmebest.doc"; depth:191; endswith; nocase; http.host; content:"107.172.238.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598367/; classtype:trojan-activity;sid:84461467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/233/wennedrightpersontoanswerforbestfeautrestogivenmebest.vbs"; depth:62; endswith; nocase; http.host; content:"107.172.238.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598366/; classtype:trojan-activity;sid:84461466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/msi_20250801/msi.png"; depth:30; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598365/; classtype:trojan-activity;sid:84461465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598363/; classtype:trojan-activity;sid:84461463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598364/; classtype:trojan-activity;sid:84461464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598357/; classtype:trojan-activity;sid:84461457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598358/; classtype:trojan-activity;sid:84461458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598359/; classtype:trojan-activity;sid:84461459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598360/; classtype:trojan-activity;sid:84461460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598361/; classtype:trojan-activity;sid:84461461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598362/; classtype:trojan-activity;sid:84461462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598356/; classtype:trojan-activity;sid:84461456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.6.169.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598355/; classtype:trojan-activity;sid:84461455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598352/; classtype:trojan-activity;sid:84461452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598353/; classtype:trojan-activity;sid:84461453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598354/; classtype:trojan-activity;sid:84461454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598351/; classtype:trojan-activity;sid:84461451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598344/; classtype:trojan-activity;sid:84461444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598345/; classtype:trojan-activity;sid:84461445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598346/; classtype:trojan-activity;sid:84461446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598347/; classtype:trojan-activity;sid:84461447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598348/; classtype:trojan-activity;sid:84461448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598349/; classtype:trojan-activity;sid:84461449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598350/; classtype:trojan-activity;sid:84461450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm6"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598341/; classtype:trojan-activity;sid:84461441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598342/; classtype:trojan-activity;sid:84461442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598343/; classtype:trojan-activity;sid:84461443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598340/; classtype:trojan-activity;sid:84461440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598335/; classtype:trojan-activity;sid:84461435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598336/; classtype:trojan-activity;sid:84461436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598337/; classtype:trojan-activity;sid:84461437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598338/; classtype:trojan-activity;sid:84461438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598339/; classtype:trojan-activity;sid:84461439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/x86_64"; depth:12; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598333/; classtype:trojan-activity;sid:84461433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598334/; classtype:trojan-activity;sid:84461434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598323/; classtype:trojan-activity;sid:84461423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598324/; classtype:trojan-activity;sid:84461424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/i686"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598325/; classtype:trojan-activity;sid:84461425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598326/; classtype:trojan-activity;sid:84461426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598327/; classtype:trojan-activity;sid:84461427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598328/; classtype:trojan-activity;sid:84461428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598329/; classtype:trojan-activity;sid:84461429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598330/; classtype:trojan-activity;sid:84461430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/sh4"; depth:9; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598331/; classtype:trojan-activity;sid:84461431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.226.174.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598332/; classtype:trojan-activity;sid:84461432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/mips"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598316/; classtype:trojan-activity;sid:84461416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm7"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598317/; classtype:trojan-activity;sid:84461417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/x86"; depth:9; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598318/; classtype:trojan-activity;sid:84461418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/m68k"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598319/; classtype:trojan-activity;sid:84461419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598320/; classtype:trojan-activity;sid:84461420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598321/; classtype:trojan-activity;sid:84461421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598322/; classtype:trojan-activity;sid:84461422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm4"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598307/; classtype:trojan-activity;sid:84461407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/ppc"; depth:9; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598308/; classtype:trojan-activity;sid:84461408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598309/; classtype:trojan-activity;sid:84461409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598310/; classtype:trojan-activity;sid:84461410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598311/; classtype:trojan-activity;sid:84461411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598312/; classtype:trojan-activity;sid:84461412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598313/; classtype:trojan-activity;sid:84461413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598314/; classtype:trojan-activity;sid:84461414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598315/; classtype:trojan-activity;sid:84461415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598301/; classtype:trojan-activity;sid:84461401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"snoopdogweedhitler.comslut.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598302/; classtype:trojan-activity;sid:84461402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/mpsl"; depth:10; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598303/; classtype:trojan-activity;sid:84461403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598304/; classtype:trojan-activity;sid:84461404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598305/; classtype:trojan-activity;sid:84461405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"eteryum.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598306/; classtype:trojan-activity;sid:84461406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598299/; classtype:trojan-activity;sid:84461399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"zazadawg.comslut.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598300/; classtype:trojan-activity;sid:84461400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"nigger.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598298/; classtype:trojan-activity;sid:84461398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598297/; classtype:trojan-activity;sid:84461397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.139.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598296/; classtype:trojan-activity;sid:84461396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"196.251.86.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598294/; classtype:trojan-activity;sid:84461394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598295/; classtype:trojan-activity;sid:84461395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598293/; classtype:trojan-activity;sid:84461393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598292/; classtype:trojan-activity;sid:84461392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598291/; classtype:trojan-activity;sid:84461391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598289/; classtype:trojan-activity;sid:84461389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598290/; classtype:trojan-activity;sid:84461390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598288/; classtype:trojan-activity;sid:84461388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598287/; classtype:trojan-activity;sid:84461387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598286/; classtype:trojan-activity;sid:84461386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598272/; classtype:trojan-activity;sid:84461372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598273/; classtype:trojan-activity;sid:84461373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598274/; classtype:trojan-activity;sid:84461374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598275/; classtype:trojan-activity;sid:84461375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598276/; classtype:trojan-activity;sid:84461376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598277/; classtype:trojan-activity;sid:84461377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598278/; classtype:trojan-activity;sid:84461378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598279/; classtype:trojan-activity;sid:84461379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598280/; classtype:trojan-activity;sid:84461380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598281/; classtype:trojan-activity;sid:84461381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598282/; classtype:trojan-activity;sid:84461382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598283/; classtype:trojan-activity;sid:84461383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598284/; classtype:trojan-activity;sid:84461384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598285/; classtype:trojan-activity;sid:84461385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598267/; classtype:trojan-activity;sid:84461367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"zazadawg3.comslut.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598268/; classtype:trojan-activity;sid:84461368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598269/; classtype:trojan-activity;sid:84461369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598270/; classtype:trojan-activity;sid:84461370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"faggot.comslut.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598271/; classtype:trojan-activity;sid:84461371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598266/; classtype:trojan-activity;sid:84461366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.67.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598265/; classtype:trojan-activity;sid:84461365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.194.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598264/; classtype:trojan-activity;sid:84461364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500/ecvcc/greatskillwithbetterperofmanceofhtebstthingsonme________greatskillwithbetterperofmanceofhtebstthingsonme__________greatskillwithbetterperofmanceofhtebstthingsonme.doc"; depth:177; endswith; nocase; http.host; content:"172.96.172.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598263/; classtype:trojan-activity;sid:84461363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500/greatskillwithbetterperofmanceofhtebstthingsonme.vbe"; depth:57; endswith; nocase; http.host; content:"172.96.172.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598262/; classtype:trojan-activity;sid:84461362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7sygcs"; depth:7; endswith; nocase; http.host; content:"link.sowl.to"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598261/; classtype:trojan-activity;sid:84461361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.116.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598260/; classtype:trojan-activity;sid:84461360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.241.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598259/; classtype:trojan-activity;sid:84461359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.81.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598258/; classtype:trojan-activity;sid:84461358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598257/; classtype:trojan-activity;sid:84461357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.32.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598256/; classtype:trojan-activity;sid:84461356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.115.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598255/; classtype:trojan-activity;sid:84461355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.217.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598254/; classtype:trojan-activity;sid:84461354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/link.sh"; depth:8; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598251/; classtype:trojan-activity;sid:84461351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598252/; classtype:trojan-activity;sid:84461352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598253/; classtype:trojan-activity;sid:84461353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598250/; classtype:trojan-activity;sid:84461350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.31.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598249/; classtype:trojan-activity;sid:84461349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598247/; classtype:trojan-activity;sid:84461347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598248/; classtype:trojan-activity;sid:84461348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598246/; classtype:trojan-activity;sid:84461346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598244/; classtype:trojan-activity;sid:84461344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598245/; classtype:trojan-activity;sid:84461345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598243/; classtype:trojan-activity;sid:84461343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598236/; classtype:trojan-activity;sid:84461336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm4"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598237/; classtype:trojan-activity;sid:84461337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/mips"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598238/; classtype:trojan-activity;sid:84461338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/i686"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598239/; classtype:trojan-activity;sid:84461339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598240/; classtype:trojan-activity;sid:84461340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/x86"; depth:9; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598241/; classtype:trojan-activity;sid:84461341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binz/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.148.51"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598242/; classtype:trojan-activity;sid:84461342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.32.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598235/; classtype:trojan-activity;sid:84461335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.217.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598234/; classtype:trojan-activity;sid:84461334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.194.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598233/; classtype:trojan-activity;sid:84461333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.115.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598232/; classtype:trojan-activity;sid:84461332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.227.211"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598231/; classtype:trojan-activity;sid:84461331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.178.57"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598230/; classtype:trojan-activity;sid:84461330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.107.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598229/; classtype:trojan-activity;sid:84461329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.56.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598228/; classtype:trojan-activity;sid:84461328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.234.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598227/; classtype:trojan-activity;sid:84461327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598226/; classtype:trojan-activity;sid:84461326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.176.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598225/; classtype:trojan-activity;sid:84461325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.240.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598224/; classtype:trojan-activity;sid:84461324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.53.135"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598223/; classtype:trojan-activity;sid:84461323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598222/; classtype:trojan-activity;sid:84461322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.107.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598221/; classtype:trojan-activity;sid:84461321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.6.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598220/; classtype:trojan-activity;sid:84461320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.83.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598219/; classtype:trojan-activity;sid:84461319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598218/; classtype:trojan-activity;sid:84461318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.227.211"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598217/; classtype:trojan-activity;sid:84461317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.86.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598216/; classtype:trojan-activity;sid:84461316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.176.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598215/; classtype:trojan-activity;sid:84461315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.114.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598214/; classtype:trojan-activity;sid:84461314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598213/; classtype:trojan-activity;sid:84461313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.86.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598212/; classtype:trojan-activity;sid:84461312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598211/; classtype:trojan-activity;sid:84461311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.115.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598210/; classtype:trojan-activity;sid:84461310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.21.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598209/; classtype:trojan-activity;sid:84461309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.63.214"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598208/; classtype:trojan-activity;sid:84461308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.159.129"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598207/; classtype:trojan-activity;sid:84461307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598203/; classtype:trojan-activity;sid:84461303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.108.45.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598204/; classtype:trojan-activity;sid:84461304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.218.214.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598205/; classtype:trojan-activity;sid:84461305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.195.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598206/; classtype:trojan-activity;sid:84461306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.38.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598202/; classtype:trojan-activity;sid:84461302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598201/; classtype:trojan-activity;sid:84461301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.242.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598200/; classtype:trojan-activity;sid:84461300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.140.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598199/; classtype:trojan-activity;sid:84461299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.149.104"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598198/; classtype:trojan-activity;sid:84461298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.148.230.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598197/; classtype:trojan-activity;sid:84461297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598196/; classtype:trojan-activity;sid:84461296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.154.74"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598195/; classtype:trojan-activity;sid:84461295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.158.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598194/; classtype:trojan-activity;sid:84461294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.39.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598193/; classtype:trojan-activity;sid:84461293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.38.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598192/; classtype:trojan-activity;sid:84461292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598187/; classtype:trojan-activity;sid:84461287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598188/; classtype:trojan-activity;sid:84461288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598189/; classtype:trojan-activity;sid:84461289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598190/; classtype:trojan-activity;sid:84461290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598191/; classtype:trojan-activity;sid:84461291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598185/; classtype:trojan-activity;sid:84461285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598186/; classtype:trojan-activity;sid:84461286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598182/; classtype:trojan-activity;sid:84461282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598183/; classtype:trojan-activity;sid:84461283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86_64"; depth:73; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598184/; classtype:trojan-activity;sid:84461284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.158.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598181/; classtype:trojan-activity;sid:84461281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.148.230.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598180/; classtype:trojan-activity;sid:84461280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598179/; classtype:trojan-activity;sid:84461279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598177/; classtype:trojan-activity;sid:84461277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598178/; classtype:trojan-activity;sid:84461278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598164/; classtype:trojan-activity;sid:84461264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598165/; classtype:trojan-activity;sid:84461265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598166/; classtype:trojan-activity;sid:84461266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598167/; classtype:trojan-activity;sid:84461267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598168/; classtype:trojan-activity;sid:84461268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598169/; classtype:trojan-activity;sid:84461269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598170/; classtype:trojan-activity;sid:84461270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598171/; classtype:trojan-activity;sid:84461271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598172/; classtype:trojan-activity;sid:84461272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598173/; classtype:trojan-activity;sid:84461273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598174/; classtype:trojan-activity;sid:84461274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598175/; classtype:trojan-activity;sid:84461275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598176/; classtype:trojan-activity;sid:84461276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_a4d05b3731f8400aa87f427683a5b167.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598163/; classtype:trojan-activity;sid:84461263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598161/; classtype:trojan-activity;sid:84461261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.114.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598162/; classtype:trojan-activity;sid:84461262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_76c2dd2401a8425a834c3d8a5866827b.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598160/; classtype:trojan-activity;sid:84461260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_54bb688f02a24cd8b854151aafb2fc6b.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598156/; classtype:trojan-activity;sid:84461256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_3157fc2382804c58a3cd1b70c5d39fe3.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598157/; classtype:trojan-activity;sid:84461257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_1ff11d9632814482b64f47b2e197dbd6.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598158/; classtype:trojan-activity;sid:84461258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_654a6d10e0484dd5a5335993c7bfb05d.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598159/; classtype:trojan-activity;sid:84461259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.arm8"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598154/; classtype:trojan-activity;sid:84461254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598155/; classtype:trojan-activity;sid:84461255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598148/; classtype:trojan-activity;sid:84461248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598149/; classtype:trojan-activity;sid:84461249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598150/; classtype:trojan-activity;sid:84461250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598151/; classtype:trojan-activity;sid:84461251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598152/; classtype:trojan-activity;sid:84461252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598153/; classtype:trojan-activity;sid:84461253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598146/; classtype:trojan-activity;sid:84461246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598147/; classtype:trojan-activity;sid:84461247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598141/; classtype:trojan-activity;sid:84461241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598142/; classtype:trojan-activity;sid:84461242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598143/; classtype:trojan-activity;sid:84461243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598144/; classtype:trojan-activity;sid:84461244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598145/; classtype:trojan-activity;sid:84461245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; depth:87; endswith; nocase; http.host; content:"103.77.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598140/; classtype:trojan-activity;sid:84461240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.mips"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598139/; classtype:trojan-activity;sid:84461239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.arm7"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598131/; classtype:trojan-activity;sid:84461231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.mips64"; depth:12; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598132/; classtype:trojan-activity;sid:84461232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.mpsls"; depth:11; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598133/; classtype:trojan-activity;sid:84461233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.x64"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598134/; classtype:trojan-activity;sid:84461234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.mpsl64"; depth:12; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598135/; classtype:trojan-activity;sid:84461235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.riscv"; depth:11; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598136/; classtype:trojan-activity;sid:84461236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.mpsl"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598137/; classtype:trojan-activity;sid:84461237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.arm6"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598138/; classtype:trojan-activity;sid:84461238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.x86"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598128/; classtype:trojan-activity;sid:84461228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.arm5"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598129/; classtype:trojan-activity;sid:84461229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bizy.mipss"; depth:11; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598130/; classtype:trojan-activity;sid:84461230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.245.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598127/; classtype:trojan-activity;sid:84461227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.39.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598126/; classtype:trojan-activity;sid:84461226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.197.157.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598125/; classtype:trojan-activity;sid:84461225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.111.243.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598124/; classtype:trojan-activity;sid:84461224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.142.226"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598123/; classtype:trojan-activity;sid:84461223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.179.228.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598122/; classtype:trojan-activity;sid:84461222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598121/; classtype:trojan-activity;sid:84461221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598120/; classtype:trojan-activity;sid:84461220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.51.134"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598119/; classtype:trojan-activity;sid:84461219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.77.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598118/; classtype:trojan-activity;sid:84461218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598117/; classtype:trojan-activity;sid:84461217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598116/; classtype:trojan-activity;sid:84461216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.71.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598115/; classtype:trojan-activity;sid:84461215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598113/; classtype:trojan-activity;sid:84461213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598114/; classtype:trojan-activity;sid:84461214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598106/; classtype:trojan-activity;sid:84461206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598107/; classtype:trojan-activity;sid:84461207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598108/; classtype:trojan-activity;sid:84461208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598109/; classtype:trojan-activity;sid:84461209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598110/; classtype:trojan-activity;sid:84461210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598111/; classtype:trojan-activity;sid:84461211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598112/; classtype:trojan-activity;sid:84461212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598103/; classtype:trojan-activity;sid:84461203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598104/; classtype:trojan-activity;sid:84461204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598105/; classtype:trojan-activity;sid:84461205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598102/; classtype:trojan-activity;sid:84461202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.197.157.188"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598101/; classtype:trojan-activity;sid:84461201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598100/; classtype:trojan-activity;sid:84461200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.51.134"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598099/; classtype:trojan-activity;sid:84461199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.14.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598098/; classtype:trojan-activity;sid:84461198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.190.103"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598097/; classtype:trojan-activity;sid:84461197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_80bbcfffeb534e30b51bbe24d68437b0.txt"; depth:45; endswith; nocase; http.host; content:"historylab.infy.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598095/; classtype:trojan-activity;sid:84461195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_c2ccfffcb9ad40b58fe72ca746f91d71.txt"; depth:45; endswith; nocase; http.host; content:"whiteness001.lovestoblog.com"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598096/; classtype:trojan-activity;sid:84461196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_07c55b394cf6440991dd7a61ad5d9691.txt"; depth:45; endswith; nocase; http.host; content:"nony2025.lovestoblog.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598094/; classtype:trojan-activity;sid:84461194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.27.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598092/; classtype:trojan-activity;sid:84461192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.255.230"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598093/; classtype:trojan-activity;sid:84461193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.171.219.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598091/; classtype:trojan-activity;sid:84461191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598088/; classtype:trojan-activity;sid:84461188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598089/; classtype:trojan-activity;sid:84461189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598090/; classtype:trojan-activity;sid:84461190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_e1311811a0a6498ea295f1b6056dceb5.txt"; depth:45; endswith; nocase; http.host; content:"historylab.infy.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598085/; classtype:trojan-activity;sid:84461185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_716405ec3ca34a109af43720335591a7.txt"; depth:45; endswith; nocase; http.host; content:"whiteness001.lovestoblog.com"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598086/; classtype:trojan-activity;sid:84461186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_5dcd759d4b3647e7a385248cd31208e0.txt"; depth:45; endswith; nocase; http.host; content:"nony2025.lovestoblog.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598087/; classtype:trojan-activity;sid:84461187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598084/; classtype:trojan-activity;sid:84461184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598083/; classtype:trojan-activity;sid:84461183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598082/; classtype:trojan-activity;sid:84461182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598081/; classtype:trojan-activity;sid:84461181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598079/; classtype:trojan-activity;sid:84461179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_251f9607c150463289f66d3565f37a9a.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598080/; classtype:trojan-activity;sid:84461180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598077/; classtype:trojan-activity;sid:84461177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598078/; classtype:trojan-activity;sid:84461178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598075/; classtype:trojan-activity;sid:84461175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598076/; classtype:trojan-activity;sid:84461176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598074/; classtype:trojan-activity;sid:84461174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"213.209.150.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598073/; classtype:trojan-activity;sid:84461173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_4d83753013dc414b84f796a734333c2c.txt"; depth:45; endswith; nocase; http.host; content:"kasi.infinityfreeapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598072/; classtype:trojan-activity;sid:84461172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/msi-pro/msi_pro.jpg"; depth:29; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598071/; classtype:trojan-activity;sid:84461171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/refs/heads/main/order-2025.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598070/; classtype:trojan-activity;sid:84461170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/raw/refs/heads/main/po.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598069/; classtype:trojan-activity;sid:84461169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.187.173"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598068/; classtype:trojan-activity;sid:84461168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/raw/refs/heads/main/1n5hpxtzivrpei5.exe"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598067/; classtype:trojan-activity;sid:84461167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/raw/refs/heads/main/order-2025.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598066/; classtype:trojan-activity;sid:84461166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/raw/refs/heads/main/po_112.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598063/; classtype:trojan-activity;sid:84461163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/raw/refs/heads/main/order-49575.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598064/; classtype:trojan-activity;sid:84461164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/raw/refs/heads/main/afqfc7p9rbi5wj0.scr"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598065/; classtype:trojan-activity;sid:84461165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598062/; classtype:trojan-activity;sid:84461162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.27.40"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598061/; classtype:trojan-activity;sid:84461161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaybobo1/supplier/refs/heads/main/po_112.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598060/; classtype:trojan-activity;sid:84461160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.255.230"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598059/; classtype:trojan-activity;sid:84461159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598058/; classtype:trojan-activity;sid:84461158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598048/; classtype:trojan-activity;sid:84461148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598049/; classtype:trojan-activity;sid:84461149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm4"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598050/; classtype:trojan-activity;sid:84461150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598051/; classtype:trojan-activity;sid:84461151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598052/; classtype:trojan-activity;sid:84461152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598053/; classtype:trojan-activity;sid:84461153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598054/; classtype:trojan-activity;sid:84461154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598055/; classtype:trojan-activity;sid:84461155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598056/; classtype:trojan-activity;sid:84461156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598057/; classtype:trojan-activity;sid:84461157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598047/; classtype:trojan-activity;sid:84461147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8001"; depth:5; endswith; nocase; http.host; content:"43.249.172.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598046/; classtype:trojan-activity;sid:84461146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598045/; classtype:trojan-activity;sid:84461145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox.sh"; depth:11; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598035/; classtype:trojan-activity;sid:84461135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.spc"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598036/; classtype:trojan-activity;sid:84461136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598037/; classtype:trojan-activity;sid:84461137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.x86"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598038/; classtype:trojan-activity;sid:84461138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.mpsl"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598039/; classtype:trojan-activity;sid:84461139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598040/; classtype:trojan-activity;sid:84461140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598041/; classtype:trojan-activity;sid:84461141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598042/; classtype:trojan-activity;sid:84461142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.sh4"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598043/; classtype:trojan-activity;sid:84461143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.ppc"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598044/; classtype:trojan-activity;sid:84461144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.mips"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598034/; classtype:trojan-activity;sid:84461134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.m68k"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598033/; classtype:trojan-activity;sid:84461133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.arm5n"; depth:11; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598032/; classtype:trojan-activity;sid:84461132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.arm7"; depth:10; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598031/; classtype:trojan-activity;sid:84461131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.php|3f|call=seo"; depth:20; endswith; nocase; http.host; content:"erikobi.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598030/; classtype:trojan-activity;sid:84461130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarm4"; depth:6; endswith; nocase; http.host; content:"103.176.20.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598029/; classtype:trojan-activity;sid:84461129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwget.sh"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598025/; classtype:trojan-activity;sid:84461125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarm7"; depth:6; endswith; nocase; http.host; content:"103.176.20.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598026/; classtype:trojan-activity;sid:84461126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarm5"; depth:6; endswith; nocase; http.host; content:"103.176.20.59"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598027/; classtype:trojan-activity;sid:84461127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xcurl.sh"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598028/; classtype:trojan-activity;sid:84461128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6817332825/1igdvxy.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598020/; classtype:trojan-activity;sid:84461120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.php|3f|call=seo"; depth:20; endswith; nocase; http.host; content:"mizunoaoi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598021/; classtype:trojan-activity;sid:84461121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.php|3f|call=seo"; depth:20; endswith; nocase; http.host; content:"letrucvert.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598022/; classtype:trojan-activity;sid:84461122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.php|3f|call=seo"; depth:20; endswith; nocase; http.host; content:"phannarith.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598023/; classtype:trojan-activity;sid:84461123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.arm"; depth:9; endswith; nocase; http.host; content:"213.209.150.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598024/; classtype:trojan-activity;sid:84461124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.151.197"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598019/; classtype:trojan-activity;sid:84461119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.187.173"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598018/; classtype:trojan-activity;sid:84461118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.188.100"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598017/; classtype:trojan-activity;sid:84461117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.54.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598016/; classtype:trojan-activity;sid:84461116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.81.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598015/; classtype:trojan-activity;sid:84461115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.128.51"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598013/; classtype:trojan-activity;sid:84461113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598014/; classtype:trojan-activity;sid:84461114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.182.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598012/; classtype:trojan-activity;sid:84461112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.216.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598011/; classtype:trojan-activity;sid:84461111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.54.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598010/; classtype:trojan-activity;sid:84461110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.102.79.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598009/; classtype:trojan-activity;sid:84461109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.188.100"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598008/; classtype:trojan-activity;sid:84461108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.114.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598007/; classtype:trojan-activity;sid:84461107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.216.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598006/; classtype:trojan-activity;sid:84461106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598004/; classtype:trojan-activity;sid:84461104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.81.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598005/; classtype:trojan-activity;sid:84461105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598003/; classtype:trojan-activity;sid:84461103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.58.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598002/; classtype:trojan-activity;sid:84461102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new2.msi"; depth:9; endswith; nocase; http.host; content:"enabledevmode.dev"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598001/; classtype:trojan-activity;sid:84461101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.190.235.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598000/; classtype:trojan-activity;sid:84461100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.176.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597999/; classtype:trojan-activity;sid:84461099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597998/; classtype:trojan-activity;sid:84461098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.131.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597997/; classtype:trojan-activity;sid:84461097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.63.214"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597996/; classtype:trojan-activity;sid:84461096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.241.143.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597995/; classtype:trojan-activity;sid:84461095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.139.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597994/; classtype:trojan-activity;sid:84461094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.230.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597993/; classtype:trojan-activity;sid:84461093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.131.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597992/; classtype:trojan-activity;sid:84461092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.139.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597991/; classtype:trojan-activity;sid:84461091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597990/; classtype:trojan-activity;sid:84461090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.241.143.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597989/; classtype:trojan-activity;sid:84461089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.139.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597988/; classtype:trojan-activity;sid:84461088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.139.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597987/; classtype:trojan-activity;sid:84461087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.29.46.195"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597986/; classtype:trojan-activity;sid:84461086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.230.157"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597985/; classtype:trojan-activity;sid:84461085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597984/; classtype:trojan-activity;sid:84461084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.76.247"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597983/; classtype:trojan-activity;sid:84461083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.121"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597982/; classtype:trojan-activity;sid:84461082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.39"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597981/; classtype:trojan-activity;sid:84461081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597980/; classtype:trojan-activity;sid:84461080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597964/; classtype:trojan-activity;sid:84461064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597965/; classtype:trojan-activity;sid:84461065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597966/; classtype:trojan-activity;sid:84461066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597967/; classtype:trojan-activity;sid:84461067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597968/; classtype:trojan-activity;sid:84461068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597969/; classtype:trojan-activity;sid:84461069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597970/; classtype:trojan-activity;sid:84461070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597971/; classtype:trojan-activity;sid:84461071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597972/; classtype:trojan-activity;sid:84461072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597973/; classtype:trojan-activity;sid:84461073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597974/; classtype:trojan-activity;sid:84461074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597975/; classtype:trojan-activity;sid:84461075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597976/; classtype:trojan-activity;sid:84461076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597977/; classtype:trojan-activity;sid:84461077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_spc"; depth:9; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597978/; classtype:trojan-activity;sid:84461078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597979/; classtype:trojan-activity;sid:84461079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597941/; classtype:trojan-activity;sid:84461041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597942/; classtype:trojan-activity;sid:84461042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597943/; classtype:trojan-activity;sid:84461043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597944/; classtype:trojan-activity;sid:84461044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597945/; classtype:trojan-activity;sid:84461045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597946/; classtype:trojan-activity;sid:84461046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597947/; classtype:trojan-activity;sid:84461047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597948/; classtype:trojan-activity;sid:84461048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597949/; classtype:trojan-activity;sid:84461049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597950/; classtype:trojan-activity;sid:84461050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597951/; classtype:trojan-activity;sid:84461051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597952/; classtype:trojan-activity;sid:84461052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597953/; classtype:trojan-activity;sid:84461053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597954/; classtype:trojan-activity;sid:84461054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597955/; classtype:trojan-activity;sid:84461055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597956/; classtype:trojan-activity;sid:84461056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597957/; classtype:trojan-activity;sid:84461057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597958/; classtype:trojan-activity;sid:84461058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597959/; classtype:trojan-activity;sid:84461059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597960/; classtype:trojan-activity;sid:84461060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597961/; classtype:trojan-activity;sid:84461061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"78.142.229.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597962/; classtype:trojan-activity;sid:84461062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"87.121.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597963/; classtype:trojan-activity;sid:84461063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597940/; classtype:trojan-activity;sid:84461040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.121"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597939/; classtype:trojan-activity;sid:84461039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.17.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597938/; classtype:trojan-activity;sid:84461038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.54.29.54"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597937/; classtype:trojan-activity;sid:84461037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.152.228"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597936/; classtype:trojan-activity;sid:84461036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.227.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597935/; classtype:trojan-activity;sid:84461035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.39"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597933/; classtype:trojan-activity;sid:84461033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.71.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597934/; classtype:trojan-activity;sid:84461034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.15.207"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597932/; classtype:trojan-activity;sid:84461032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.64.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597931/; classtype:trojan-activity;sid:84461031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597930/; classtype:trojan-activity;sid:84461030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597929/; classtype:trojan-activity;sid:84461029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.250.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597928/; classtype:trojan-activity;sid:84461028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597926/; classtype:trojan-activity;sid:84461026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597927/; classtype:trojan-activity;sid:84461027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.9.2.5"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597925/; classtype:trojan-activity;sid:84461025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flow/taglink.js"; depth:16; endswith; nocase; http.host; content:"apexkolp.today"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597924/; classtype:trojan-activity;sid:84461024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.237.208.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597923/; classtype:trojan-activity;sid:84461023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mainapp.exe"; depth:12; endswith; nocase; http.host; content:"87.120.222.208"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597922/; classtype:trojan-activity;sid:84461022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx45.exe"; depth:9; endswith; nocase; http.host; content:"87.120.222.208"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597921/; classtype:trojan-activity;sid:84461021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.147.40.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597918/; classtype:trojan-activity;sid:84461018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597919/; classtype:trojan-activity;sid:84461019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.91.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597920/; classtype:trojan-activity;sid:84461020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingcode.txt"; depth:13; endswith; nocase; http.host; content:"87.120.222.208"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597917/; classtype:trojan-activity;sid:84461017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597916/; classtype:trojan-activity;sid:84461016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.13.251"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597915/; classtype:trojan-activity;sid:84461015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.230.88.54"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597914/; classtype:trojan-activity;sid:84461014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597911/; classtype:trojan-activity;sid:84461011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.53.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597912/; classtype:trojan-activity;sid:84461012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.76.247"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597913/; classtype:trojan-activity;sid:84461013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"164.90.171.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597910/; classtype:trojan-activity;sid:84461010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.17.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597909/; classtype:trojan-activity;sid:84461009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.152.228"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597908/; classtype:trojan-activity;sid:84461008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.3.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597907/; classtype:trojan-activity;sid:84461007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.80.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597906/; classtype:trojan-activity;sid:84461006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.227.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597904/; classtype:trojan-activity;sid:84461004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.64.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597905/; classtype:trojan-activity;sid:84461005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.75.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597903/; classtype:trojan-activity;sid:84461003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.145.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597902/; classtype:trojan-activity;sid:84461002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.80.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597901/; classtype:trojan-activity;sid:84461001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.215.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597900/; classtype:trojan-activity;sid:84461000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.148.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597899/; classtype:trojan-activity;sid:84460999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.74.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597898/; classtype:trojan-activity;sid:84460998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597897/; classtype:trojan-activity;sid:84460997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.7.19"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597896/; classtype:trojan-activity;sid:84460996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.143.174.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597895/; classtype:trojan-activity;sid:84460995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.225.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597894/; classtype:trojan-activity;sid:84460994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.68.133"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597893/; classtype:trojan-activity;sid:84460993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.151.197"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597892/; classtype:trojan-activity;sid:84460992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.43.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597891/; classtype:trojan-activity;sid:84460991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.29.225.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597890/; classtype:trojan-activity;sid:84460990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.200.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597889/; classtype:trojan-activity;sid:84460989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.58.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597888/; classtype:trojan-activity;sid:84460988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.43.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597887/; classtype:trojan-activity;sid:84460987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597886/; classtype:trojan-activity;sid:84460986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.60.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597885/; classtype:trojan-activity;sid:84460985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.68.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597884/; classtype:trojan-activity;sid:84460984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.68.133"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597883/; classtype:trojan-activity;sid:84460983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.68.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597882/; classtype:trojan-activity;sid:84460982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.156.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597881/; classtype:trojan-activity;sid:84460981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.45.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3597880/; classtype:trojan-activity;sid:84460980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.232.199.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597879/; classtype:trojan-activity;sid:84460979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.226.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597878/; classtype:trojan-activity;sid:84460978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.232.199.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597877/; classtype:trojan-activity;sid:84460977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.156.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597876/; classtype:trojan-activity;sid:84460976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.45.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597875/; classtype:trojan-activity;sid:84460975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.24.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597874/; classtype:trojan-activity;sid:84460974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.226.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597873/; classtype:trojan-activity;sid:84460973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.169.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597871/; classtype:trojan-activity;sid:84460971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.236.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597872/; classtype:trojan-activity;sid:84460972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.233.37"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597870/; classtype:trojan-activity;sid:84460970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.93.88"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597869/; classtype:trojan-activity;sid:84460969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.14.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597868/; classtype:trojan-activity;sid:84460968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.169.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597867/; classtype:trojan-activity;sid:84460967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.236.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597866/; classtype:trojan-activity;sid:84460966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.55"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597865/; classtype:trojan-activity;sid:84460965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.225.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597864/; classtype:trojan-activity;sid:84460964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.152.142"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597863/; classtype:trojan-activity;sid:84460963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.19.72.149"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597862/; classtype:trojan-activity;sid:84460962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.80.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597861/; classtype:trojan-activity;sid:84460961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.76"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597860/; classtype:trojan-activity;sid:84460960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.225.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597859/; classtype:trojan-activity;sid:84460959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597858/; classtype:trojan-activity;sid:84460958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.233.37"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597856/; classtype:trojan-activity;sid:84460956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.126.86.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597857/; classtype:trojan-activity;sid:84460957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.197.76"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597855/; classtype:trojan-activity;sid:84460955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.93.151.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597854/; classtype:trojan-activity;sid:84460954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.55"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597853/; classtype:trojan-activity;sid:84460953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597851/; classtype:trojan-activity;sid:84460951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597852/; classtype:trojan-activity;sid:84460952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597850/; classtype:trojan-activity;sid:84460950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597849/; classtype:trojan-activity;sid:84460949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597847/; classtype:trojan-activity;sid:84460947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597848/; classtype:trojan-activity;sid:84460948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597840/; classtype:trojan-activity;sid:84460940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597841/; classtype:trojan-activity;sid:84460941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597842/; classtype:trojan-activity;sid:84460942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597843/; classtype:trojan-activity;sid:84460943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597844/; classtype:trojan-activity;sid:84460944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597845/; classtype:trojan-activity;sid:84460945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597846/; classtype:trojan-activity;sid:84460946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597835/; classtype:trojan-activity;sid:84460935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597836/; classtype:trojan-activity;sid:84460936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597837/; classtype:trojan-activity;sid:84460937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597838/; classtype:trojan-activity;sid:84460938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597839/; classtype:trojan-activity;sid:84460939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597833/; classtype:trojan-activity;sid:84460933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597834/; classtype:trojan-activity;sid:84460934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"176.65.148.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597832/; classtype:trojan-activity;sid:84460932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.205"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597831/; classtype:trojan-activity;sid:84460931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597830/; classtype:trojan-activity;sid:84460930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.134.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597829/; classtype:trojan-activity;sid:84460929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.55.196"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597828/; classtype:trojan-activity;sid:84460928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.70.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597827/; classtype:trojan-activity;sid:84460927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597826/; classtype:trojan-activity;sid:84460926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.68.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597825/; classtype:trojan-activity;sid:84460925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597824/; classtype:trojan-activity;sid:84460924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/documentinfo.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597822/; classtype:trojan-activity;sid:84460922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.149.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597823/; classtype:trojan-activity;sid:84460923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/fi.wsf"; depth:11; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597820/; classtype:trojan-activity;sid:84460920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/tuts.wsh"; depth:13; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597821/; classtype:trojan-activity;sid:84460921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vog.bat"; depth:8; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597819/; classtype:trojan-activity;sid:84460919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download1"; depth:10; endswith; nocase; http.host; content:"34.246.194.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597818/; classtype:trojan-activity;sid:84460918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.55.196"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597817/; classtype:trojan-activity;sid:84460917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.40"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597816/; classtype:trojan-activity;sid:84460916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.79.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597812/; classtype:trojan-activity;sid:84460912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.58.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597813/; classtype:trojan-activity;sid:84460913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.2.233"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597814/; classtype:trojan-activity;sid:84460914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597815/; classtype:trojan-activity;sid:84460915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.236.10.243"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597807/; classtype:trojan-activity;sid:84460907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/mips"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597808/; classtype:trojan-activity;sid:84460908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y91/x86"; depth:8; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597809/; classtype:trojan-activity;sid:84460909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.191.253"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597810/; classtype:trojan-activity;sid:84460910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.110.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597811/; classtype:trojan-activity;sid:84460911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.3.218"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597806/; classtype:trojan-activity;sid:84460906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upwslryosvr04ow.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597805/; classtype:trojan-activity;sid:84460905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.134.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597804/; classtype:trojan-activity;sid:84460904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/brtycbi8/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597803/; classtype:trojan-activity;sid:84460903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ojk.js"; depth:7; endswith; nocase; http.host; content:"45.141.233.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597802/; classtype:trojan-activity;sid:84460902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noodx.vbs"; depth:10; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597801/; classtype:trojan-activity;sid:84460901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597800/; classtype:trojan-activity;sid:84460900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmom6dik7db78fz.exe"; depth:20; endswith; nocase; http.host; content:"213.209.150.18"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597799/; classtype:trojan-activity;sid:84460899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myfiledotcome.vbs"; depth:18; endswith; nocase; http.host; content:"107.175.243.133"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597798/; classtype:trojan-activity;sid:84460898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.0.252"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597797/; classtype:trojan-activity;sid:84460897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/new.txt"; depth:16; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597792/; classtype:trojan-activity;sid:84460892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/mount.txt"; depth:18; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597793/; classtype:trojan-activity;sid:84460893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/vzxfghsd.zip"; depth:21; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597794/; classtype:trojan-activity;sid:84460894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/como.txt"; depth:17; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597795/; classtype:trojan-activity;sid:84460895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evernew/newcomo.zip"; depth:20; endswith; nocase; http.host; content:"147.124.215.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597796/; classtype:trojan-activity;sid:84460896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597791/; classtype:trojan-activity;sid:84460891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_e5dd833f06dc4f099ef6ba2a32d10fca.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597790/; classtype:trojan-activity;sid:84460890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_18c63d35f84a430e9bc070c4ca2a15da.txt"; depth:45; endswith; nocase; http.host; content:"janinacamposess.lovestoblog.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597787/; classtype:trojan-activity;sid:84460887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_55cd48f49155468889890faa58ea63db.txt"; depth:45; endswith; nocase; http.host; content:"janinacamposess.lovestoblog.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597788/; classtype:trojan-activity;sid:84460888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_5b2e1977882e453c9d606de7215e6a36.txt"; depth:45; endswith; nocase; http.host; content:"janinacamposess.lovestoblog.com"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597789/; classtype:trojan-activity;sid:84460889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.152.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597786/; classtype:trojan-activity;sid:84460886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.3.218"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597785/; classtype:trojan-activity;sid:84460885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vthqzccrew_04/02.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597782/; classtype:trojan-activity;sid:84460882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vthqzccrew_04/01.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597783/; classtype:trojan-activity;sid:84460883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vthqzccrew_04/03.txt"; depth:21; endswith; nocase; http.host; content:"andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597784/; classtype:trojan-activity;sid:84460884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.180.116"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597781/; classtype:trojan-activity;sid:84460881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597780/; classtype:trojan-activity;sid:84460880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.0.252"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597779/; classtype:trojan-activity;sid:84460879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"172.236.144.169"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597778/; classtype:trojan-activity;sid:84460878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/coinbase_incident_log.scr"; depth:28; endswith; nocase; http.host; content:"103.245.231.248"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597777/; classtype:trojan-activity;sid:84460877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.5.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597776/; classtype:trojan-activity;sid:84460876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.1.118"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597775/; classtype:trojan-activity;sid:84460875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_30ae4b1d9dbf45a7923e26f801050432.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597774/; classtype:trojan-activity;sid:84460874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.exe"; depth:14; endswith; nocase; http.host; content:"adobehelp.net"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597773/; classtype:trojan-activity;sid:84460873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.24.127"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597772/; classtype:trojan-activity;sid:84460872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awmcokt"; depth:8; endswith; nocase; http.host; content:"212.11.64.130"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597771/; classtype:trojan-activity;sid:84460871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grbkp.txt"; depth:10; endswith; nocase; http.host; content:"212.11.64.130"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597770/; classtype:trojan-activity;sid:84460870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/sdjfsswjuzz.mp4"; depth:21; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597767/; classtype:trojan-activity;sid:84460867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/shcvxpe.wav"; depth:17; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597768/; classtype:trojan-activity;sid:84460868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/paktrkhzxd.mp3"; depth:20; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597769/; classtype:trojan-activity;sid:84460869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/zwubgmhzz.mp4"; depth:19; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597766/; classtype:trojan-activity;sid:84460866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/dneljncc.pdf"; depth:18; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597765/; classtype:trojan-activity;sid:84460865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/awdjmkam.mp4"; depth:18; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597763/; classtype:trojan-activity;sid:84460863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12.bat"; depth:7; endswith; nocase; http.host; content:"94.141.160.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597764/; classtype:trojan-activity;sid:84460864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agreementthreats.exe"; depth:21; endswith; nocase; http.host; content:"94.141.160.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597762/; classtype:trojan-activity;sid:84460862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak/dec_194_vatmyapkbri"; depth:24; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597760/; classtype:trojan-activity;sid:84460860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.cmd"; depth:7; endswith; nocase; http.host; content:"94.141.160.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597761/; classtype:trojan-activity;sid:84460861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lu.cmd"; depth:7; endswith; nocase; http.host; content:"94.141.160.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597759/; classtype:trojan-activity;sid:84460859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/ltzlpucwc.mp3"; depth:19; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597755/; classtype:trojan-activity;sid:84460855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/ssnwznltid.pdf"; depth:20; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597756/; classtype:trojan-activity;sid:84460856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pure/nvcwy.pdf"; depth:15; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597757/; classtype:trojan-activity;sid:84460857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drp/rik_base64.txt"; depth:19; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597758/; classtype:trojan-activity;sid:84460858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak/dec_228_mrkghptgmrb"; depth:24; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597753/; classtype:trojan-activity;sid:84460853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak/k3k_226_tzrvrhvzvyf"; depth:24; endswith; nocase; http.host; content:"novochrom.us"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597754/; classtype:trojan-activity;sid:84460854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.179.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597752/; classtype:trojan-activity;sid:84460852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.1.118"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597750/; classtype:trojan-activity;sid:84460850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.5.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597751/; classtype:trojan-activity;sid:84460851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.191.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597749/; classtype:trojan-activity;sid:84460849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7084009378/trgahsm.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597748/; classtype:trojan-activity;sid:84460848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.37.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597747/; classtype:trojan-activity;sid:84460847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.46.194.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597746/; classtype:trojan-activity;sid:84460846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ir09s.ppc"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597743/; classtype:trojan-activity;sid:84460843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.177.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597744/; classtype:trojan-activity;sid:84460844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z9forn.mips"; depth:12; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597745/; classtype:trojan-activity;sid:84460845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o16ub7.x86"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597742/; classtype:trojan-activity;sid:84460842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yif95i.arm7"; depth:12; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597738/; classtype:trojan-activity;sid:84460838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxwi5i.m68k"; depth:12; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597739/; classtype:trojan-activity;sid:84460839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y0roef.i686"; depth:12; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597740/; classtype:trojan-activity;sid:84460840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wx6ux4.arm6"; depth:12; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597741/; classtype:trojan-activity;sid:84460841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.188.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597737/; classtype:trojan-activity;sid:84460837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7390569416/kaq7taz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597736/; classtype:trojan-activity;sid:84460836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.179.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597735/; classtype:trojan-activity;sid:84460835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_4441a2d34fcc4c47b05eb460c6d38fe4.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597734/; classtype:trojan-activity;sid:84460834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_d52fd2b84edd4abc8c411e360e512ac5.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597733/; classtype:trojan-activity;sid:84460833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.191.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597732/; classtype:trojan-activity;sid:84460832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_e947eecdcbf145f6a1dd8c41dd002742.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597731/; classtype:trojan-activity;sid:84460831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_b45f34fc6f2044c3b043f038e5ebf32a.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597730/; classtype:trojan-activity;sid:84460830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_c456f533a2df4b689180002920ee01b7.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597728/; classtype:trojan-activity;sid:84460828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_fd90492a71b445cba81e4b7be0088ff4.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597729/; classtype:trojan-activity;sid:84460829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_cb6b3246e2d34bf5be90a1a4d877ed8a.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597727/; classtype:trojan-activity;sid:84460827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_8297fb50f4634ce899ec82a58f3a4f03.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597726/; classtype:trojan-activity;sid:84460826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/optimized_msi_20250805_2154/optimized_msi.png"; depth:55; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597725/; classtype:trojan-activity;sid:84460825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_f7b62b3d5fd049da868d0b54b26af510.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597724/; classtype:trojan-activity;sid:84460824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_9f48792bacd3496ab2230b04a19f98ed.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597723/; classtype:trojan-activity;sid:84460823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.67.57"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597722/; classtype:trojan-activity;sid:84460822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.37.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597721/; classtype:trojan-activity;sid:84460821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.177.221"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597720/; classtype:trojan-activity;sid:84460820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597719/; classtype:trojan-activity;sid:84460819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597718/; classtype:trojan-activity;sid:84460818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597717/; classtype:trojan-activity;sid:84460817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0805muka.zip"; depth:13; endswith; nocase; http.host; content:"rush-poetry-stations-disciplinary.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597716/; classtype:trojan-activity;sid:84460816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597714/; classtype:trojan-activity;sid:84460814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597715/; classtype:trojan-activity;sid:84460815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597712/; classtype:trojan-activity;sid:84460812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597713/; classtype:trojan-activity;sid:84460813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597705/; classtype:trojan-activity;sid:84460805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597706/; classtype:trojan-activity;sid:84460806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597707/; classtype:trojan-activity;sid:84460807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597708/; classtype:trojan-activity;sid:84460808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597709/; classtype:trojan-activity;sid:84460809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597710/; classtype:trojan-activity;sid:84460810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597711/; classtype:trojan-activity;sid:84460811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597704/; classtype:trojan-activity;sid:84460804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zo.zip"; depth:7; endswith; nocase; http.host; content:"eugene-reuters-subdivision-quarter.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597703/; classtype:trojan-activity;sid:84460803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0805suka.zip"; depth:13; endswith; nocase; http.host; content:"rush-poetry-stations-disciplinary.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597702/; classtype:trojan-activity;sid:84460802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0805star.bat"; depth:13; endswith; nocase; http.host; content:"rush-poetry-stations-disciplinary.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597701/; classtype:trojan-activity;sid:84460801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.24.132"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597700/; classtype:trojan-activity;sid:84460800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user_profiles_photo/shellcode.bin"; depth:34; endswith; nocase; http.host; content:"94.154.35.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597699/; classtype:trojan-activity;sid:84460799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user_profiles_photo/cptch.bin"; depth:30; endswith; nocase; http.host; content:"94.154.35.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597698/; classtype:trojan-activity;sid:84460798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1824233174/ymtopzg.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597696/; classtype:trojan-activity;sid:84460796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8032789473/jlsgsa8.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597697/; classtype:trojan-activity;sid:84460797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpuk4"; depth:7; endswith; nocase; http.host; content:"link.emcdn.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597695/; classtype:trojan-activity;sid:84460795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8327455725/iz8poz6.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597694/; classtype:trojan-activity;sid:84460794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"87.121.84.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597693/; classtype:trojan-activity;sid:84460793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6383224650/jnn4uwy.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597691/; classtype:trojan-activity;sid:84460791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8032789473/jlsgsa8.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597692/; classtype:trojan-activity;sid:84460792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.67.57"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597690/; classtype:trojan-activity;sid:84460790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user_profiles_photo/stlc.exe"; depth:29; endswith; nocase; http.host; content:"94.154.35.115"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597689/; classtype:trojan-activity;sid:84460789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/copilotdriver.js"; depth:17; endswith; nocase; http.host; content:"181.206.158.190"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597687/; classtype:trojan-activity;sid:84460787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wmieventlogs.js"; depth:16; endswith; nocase; http.host; content:"181.206.158.190"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597685/; classtype:trojan-activity;sid:84460785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/copilotdrivers.js"; depth:18; endswith; nocase; http.host; content:"181.206.158.190"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597686/; classtype:trojan-activity;sid:84460786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6532573308/lfe4vxg.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597684/; classtype:trojan-activity;sid:84460784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6910514733/r6jiyoq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597682/; classtype:trojan-activity;sid:84460782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/coinbase_incident_log.scr"; depth:28; endswith; nocase; http.host; content:"x-web-drv.net"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597683/; classtype:trojan-activity;sid:84460783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ylxxpy79.bin"; depth:13; endswith; nocase; http.host; content:"96.44.159.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597680/; classtype:trojan-activity;sid:84460780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_139f442e1c964534a1f28b54ac0064e2.txt"; depth:45; endswith; nocase; http.host; content:"trabajo2025.lovestoblog.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597681/; classtype:trojan-activity;sid:84460781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7882954356/qj1hdq3.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597678/; classtype:trojan-activity;sid:84460778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gate2hj45g2kway/lpr307k4.ka879"; depth:31; endswith; nocase; http.host; content:"107.150.0.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597679/; classtype:trojan-activity;sid:84460779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.136.3.219"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597677/; classtype:trojan-activity;sid:84460777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.68.64.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597676/; classtype:trojan-activity;sid:84460776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.43.179.233"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597675/; classtype:trojan-activity;sid:84460775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"3.253.84.205"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597669/; classtype:trojan-activity;sid:84460769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.98.136.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597670/; classtype:trojan-activity;sid:84460770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"134.175.236.240"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597671/; classtype:trojan-activity;sid:84460771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.83.8.68"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597672/; classtype:trojan-activity;sid:84460772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.102.21.22"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597673/; classtype:trojan-activity;sid:84460773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.70.100.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597674/; classtype:trojan-activity;sid:84460774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.97.118.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597664/; classtype:trojan-activity;sid:84460764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"132.226.105.28"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597665/; classtype:trojan-activity;sid:84460765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.229.153.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597666/; classtype:trojan-activity;sid:84460766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.229.153.122"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597667/; classtype:trojan-activity;sid:84460767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"156.239.238.94"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597668/; classtype:trojan-activity;sid:84460768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.211.40.52"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597663/; classtype:trojan-activity;sid:84460763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.159.22"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597662/; classtype:trojan-activity;sid:84460762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.209.201.128"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597661/; classtype:trojan-activity;sid:84460761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.66.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597655/; classtype:trojan-activity;sid:84460755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.139.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597656/; classtype:trojan-activity;sid:84460756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.7.14"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597657/; classtype:trojan-activity;sid:84460757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.12.104.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597658/; classtype:trojan-activity;sid:84460758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.244.221.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597659/; classtype:trojan-activity;sid:84460759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.161.254.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597660/; classtype:trojan-activity;sid:84460760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.236.26.65"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597652/; classtype:trojan-activity;sid:84460752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.26.16.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597653/; classtype:trojan-activity;sid:84460753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"42.119.154.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597654/; classtype:trojan-activity;sid:84460754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.42.66.211"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597650/; classtype:trojan-activity;sid:84460750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.185.66.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597651/; classtype:trojan-activity;sid:84460751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.125.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597645/; classtype:trojan-activity;sid:84460745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.22.46.166"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597646/; classtype:trojan-activity;sid:84460746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.175.206.149"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597647/; classtype:trojan-activity;sid:84460747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.33.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597648/; classtype:trojan-activity;sid:84460748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.226.209.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597649/; classtype:trojan-activity;sid:84460749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.162.127"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597642/; classtype:trojan-activity;sid:84460742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.169.196.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597643/; classtype:trojan-activity;sid:84460743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.14.49"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597644/; classtype:trojan-activity;sid:84460744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.12.115.82"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597641/; classtype:trojan-activity;sid:84460741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.4.56"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597640/; classtype:trojan-activity;sid:84460740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597639/; classtype:trojan-activity;sid:84460739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.138.91"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597638/; classtype:trojan-activity;sid:84460738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.62.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597637/; classtype:trojan-activity;sid:84460737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.2.223"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597636/; classtype:trojan-activity;sid:84460736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.53.176.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597635/; classtype:trojan-activity;sid:84460735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.18.13"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597634/; classtype:trojan-activity;sid:84460734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.77.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597633/; classtype:trojan-activity;sid:84460733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.2.223"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597632/; classtype:trojan-activity;sid:84460732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.53.176.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597631/; classtype:trojan-activity;sid:84460731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.3.171"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597630/; classtype:trojan-activity;sid:84460730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.193.151"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597629/; classtype:trojan-activity;sid:84460729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.218.240.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597628/; classtype:trojan-activity;sid:84460728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.174.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597627/; classtype:trojan-activity;sid:84460727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.74.13.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597626/; classtype:trojan-activity;sid:84460726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.218.240.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597625/; classtype:trojan-activity;sid:84460725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.91.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597624/; classtype:trojan-activity;sid:84460724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.53.43.185"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597623/; classtype:trojan-activity;sid:84460723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.73.244"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597622/; classtype:trojan-activity;sid:84460722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597621/; classtype:trojan-activity;sid:84460721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.153.183"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597620/; classtype:trojan-activity;sid:84460720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.74.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597619/; classtype:trojan-activity;sid:84460719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.3.171"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597618/; classtype:trojan-activity;sid:84460718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.49.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597617/; classtype:trojan-activity;sid:84460717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.80.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597616/; classtype:trojan-activity;sid:84460716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.16.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597614/; classtype:trojan-activity;sid:84460714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.132.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597615/; classtype:trojan-activity;sid:84460715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.19.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597611/; classtype:trojan-activity;sid:84460711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.141"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597612/; classtype:trojan-activity;sid:84460712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.33.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597613/; classtype:trojan-activity;sid:84460713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx45kingsman.txt"; depth:17; endswith; nocase; http.host; content:"87.120.222.208"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597610/; classtype:trojan-activity;sid:84460710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.156.180.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597609/; classtype:trojan-activity;sid:84460709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.195.121.4"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597608/; classtype:trojan-activity;sid:84460708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.97.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597607/; classtype:trojan-activity;sid:84460707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.156.180.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597606/; classtype:trojan-activity;sid:84460706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.231.16"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597605/; classtype:trojan-activity;sid:84460705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.62.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597604/; classtype:trojan-activity;sid:84460704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.132.25"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597603/; classtype:trojan-activity;sid:84460703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.215.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597602/; classtype:trojan-activity;sid:84460702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.196"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597601/; classtype:trojan-activity;sid:84460701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597600/; classtype:trojan-activity;sid:84460700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.32"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597599/; classtype:trojan-activity;sid:84460699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.180.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597598/; classtype:trojan-activity;sid:84460698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.124.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597597/; classtype:trojan-activity;sid:84460697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.255.178.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597596/; classtype:trojan-activity;sid:84460696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.97.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597595/; classtype:trojan-activity;sid:84460695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.62.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597594/; classtype:trojan-activity;sid:84460694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.57.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597593/; classtype:trojan-activity;sid:84460693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.215.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597592/; classtype:trojan-activity;sid:84460692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.174.27"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597591/; classtype:trojan-activity;sid:84460691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.53.43.185"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597590/; classtype:trojan-activity;sid:84460690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.33.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597589/; classtype:trojan-activity;sid:84460689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.180.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597588/; classtype:trojan-activity;sid:84460688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.9.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597587/; classtype:trojan-activity;sid:84460687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.255.178.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597586/; classtype:trojan-activity;sid:84460686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.175.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597585/; classtype:trojan-activity;sid:84460685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.9.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597584/; classtype:trojan-activity;sid:84460684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.110.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597583/; classtype:trojan-activity;sid:84460683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.254.255"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597582/; classtype:trojan-activity;sid:84460682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.111.243.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597581/; classtype:trojan-activity;sid:84460681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.56.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597580/; classtype:trojan-activity;sid:84460680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn.exe"; depth:7; endswith; nocase; http.host; content:"206.233.128.212"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597579/; classtype:trojan-activity;sid:84460679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.word_url-.docx"; depth:18; endswith; nocase; http.host; content:"175.196.233.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597578/; classtype:trojan-activity;sid:84460678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.50.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597577/; classtype:trojan-activity;sid:84460677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.175.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597576/; classtype:trojan-activity;sid:84460676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.157.244"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597575/; classtype:trojan-activity;sid:84460675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.117.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597574/; classtype:trojan-activity;sid:84460674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.110.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597573/; classtype:trojan-activity;sid:84460673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597572/; classtype:trojan-activity;sid:84460672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/config/dr.exe"; depth:14; endswith; nocase; http.host; content:"101.33.235.96"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597571/; classtype:trojan-activity;sid:84460671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xlfrc64.exe"; depth:12; endswith; nocase; http.host; content:"ns5004965.ip-51-79-228.net"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597570/; classtype:trojan-activity;sid:84460670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10.exe"; depth:7; endswith; nocase; http.host; content:"ns5004965.ip-51-79-228.net"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597568/; classtype:trojan-activity;sid:84460668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/88.exe"; depth:7; endswith; nocase; http.host; content:"ns5004965.ip-51-79-228.net"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597569/; classtype:trojan-activity;sid:84460669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc64.exe"; depth:9; endswith; nocase; http.host; content:"ns5004965.ip-51-79-228.net"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597567/; classtype:trojan-activity;sid:84460667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.157.244"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597566/; classtype:trojan-activity;sid:84460666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.138.108"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597565/; classtype:trojan-activity;sid:84460665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.50.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597564/; classtype:trojan-activity;sid:84460664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597563/; classtype:trojan-activity;sid:84460663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/host.scr"; depth:9; endswith; nocase; http.host; content:"15.235.176.226"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597562/; classtype:trojan-activity;sid:84460662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.118.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597561/; classtype:trojan-activity;sid:84460661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.117.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597560/; classtype:trojan-activity;sid:84460660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_t0t1.zip"; depth:13; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597559/; classtype:trojan-activity;sid:84460659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new1.bat"; depth:9; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597553/; classtype:trojan-activity;sid:84460653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shoopify.bat"; depth:13; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597554/; classtype:trojan-activity;sid:84460654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_hvnc_x86.bat"; depth:18; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597555/; classtype:trojan-activity;sid:84460655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kindle_x86.bat"; depth:15; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597556/; classtype:trojan-activity;sid:84460656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shopify.bat"; depth:12; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597557/; classtype:trojan-activity;sid:84460657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597558/; classtype:trojan-activity;sid:84460658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597552/; classtype:trojan-activity;sid:84460652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597551/; classtype:trojan-activity;sid:84460651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.241.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597550/; classtype:trojan-activity;sid:84460650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quz1.zip"; depth:9; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597549/; classtype:trojan-activity;sid:84460649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quz11.zip"; depth:10; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597548/; classtype:trojan-activity;sid:84460648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_abb1.zip"; depth:13; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597547/; classtype:trojan-activity;sid:84460647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_quz1.zip"; depth:13; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597546/; classtype:trojan-activity;sid:84460646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597545/; classtype:trojan-activity;sid:84460645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp1.zip"; depth:10; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597544/; classtype:trojan-activity;sid:84460644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abb1.zip"; depth:9; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597543/; classtype:trojan-activity;sid:84460643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zipped/map.zip"; depth:15; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597542/; classtype:trojan-activity;sid:84460642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abb11.zip"; depth:10; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597541/; classtype:trojan-activity;sid:84460641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zipped/stark.zip"; depth:17; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597540/; classtype:trojan-activity;sid:84460640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.118.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597539/; classtype:trojan-activity;sid:84460639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597538/; classtype:trojan-activity;sid:84460638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.120.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597537/; classtype:trojan-activity;sid:84460637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.16.183"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597536/; classtype:trojan-activity;sid:84460636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.0.244"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597535/; classtype:trojan-activity;sid:84460635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.62.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597534/; classtype:trojan-activity;sid:84460634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.88"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597533/; classtype:trojan-activity;sid:84460633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.105.244"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597532/; classtype:trojan-activity;sid:84460632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.62.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597531/; classtype:trojan-activity;sid:84460631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.120.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597530/; classtype:trojan-activity;sid:84460630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.106.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597529/; classtype:trojan-activity;sid:84460629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597528/; classtype:trojan-activity;sid:84460628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.53.135"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597527/; classtype:trojan-activity;sid:84460627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.63.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597526/; classtype:trojan-activity;sid:84460626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.106.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597525/; classtype:trojan-activity;sid:84460625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.45"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597524/; classtype:trojan-activity;sid:84460624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.232.170.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597523/; classtype:trojan-activity;sid:84460623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.64.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597522/; classtype:trojan-activity;sid:84460622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.169.247.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597521/; classtype:trojan-activity;sid:84460621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.104.107"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597520/; classtype:trojan-activity;sid:84460620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.42.87.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597519/; classtype:trojan-activity;sid:84460619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.83.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597518/; classtype:trojan-activity;sid:84460618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597517/; classtype:trojan-activity;sid:84460617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.232.170.224"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597516/; classtype:trojan-activity;sid:84460616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597515/; classtype:trojan-activity;sid:84460615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.42.87.34"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597514/; classtype:trojan-activity;sid:84460614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.135.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597513/; classtype:trojan-activity;sid:84460613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.104.107"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597512/; classtype:trojan-activity;sid:84460612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.254.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597511/; classtype:trojan-activity;sid:84460611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.246.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597510/; classtype:trojan-activity;sid:84460610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.33.79"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597509/; classtype:trojan-activity;sid:84460609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.94.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597508/; classtype:trojan-activity;sid:84460608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.58.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597507/; classtype:trojan-activity;sid:84460607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.53.58.29"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597506/; classtype:trojan-activity;sid:84460606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.93.151.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597505/; classtype:trojan-activity;sid:84460605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597501/; classtype:trojan-activity;sid:84460601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.15.58"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597502/; classtype:trojan-activity;sid:84460602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.107.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597503/; classtype:trojan-activity;sid:84460603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.19.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597504/; classtype:trojan-activity;sid:84460604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597500/; classtype:trojan-activity;sid:84460600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.41.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597499/; classtype:trojan-activity;sid:84460599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.108.213.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597498/; classtype:trojan-activity;sid:84460598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.246.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597497/; classtype:trojan-activity;sid:84460597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.145.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597496/; classtype:trojan-activity;sid:84460596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.45.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597495/; classtype:trojan-activity;sid:84460595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.219"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597494/; classtype:trojan-activity;sid:84460594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"45.141.26.47"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597493/; classtype:trojan-activity;sid:84460593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597482/; classtype:trojan-activity;sid:84460582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mips"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597483/; classtype:trojan-activity;sid:84460583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.m68k"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597484/; classtype:trojan-activity;sid:84460584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i686"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597485/; classtype:trojan-activity;sid:84460585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597486/; classtype:trojan-activity;sid:84460586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597487/; classtype:trojan-activity;sid:84460587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.ppc"; depth:25; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597488/; classtype:trojan-activity;sid:84460588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86"; depth:25; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597489/; classtype:trojan-activity;sid:84460589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597490/; classtype:trojan-activity;sid:84460590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597491/; classtype:trojan-activity;sid:84460591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.spc"; depth:25; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597492/; classtype:trojan-activity;sid:84460592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arc"; depth:25; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597476/; classtype:trojan-activity;sid:84460576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm6"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597477/; classtype:trojan-activity;sid:84460577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597478/; classtype:trojan-activity;sid:84460578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm5"; depth:26; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597479/; classtype:trojan-activity;sid:84460579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.sh4"; depth:25; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597480/; classtype:trojan-activity;sid:84460580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.x86_64"; depth:28; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597481/; classtype:trojan-activity;sid:84460581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597475/; classtype:trojan-activity;sid:84460575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597458/; classtype:trojan-activity;sid:84460558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597459/; classtype:trojan-activity;sid:84460559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597460/; classtype:trojan-activity;sid:84460560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597461/; classtype:trojan-activity;sid:84460561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597462/; classtype:trojan-activity;sid:84460562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597463/; classtype:trojan-activity;sid:84460563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597464/; classtype:trojan-activity;sid:84460564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597465/; classtype:trojan-activity;sid:84460565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arc"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597466/; classtype:trojan-activity;sid:84460566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597467/; classtype:trojan-activity;sid:84460567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/csky"; depth:5; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597468/; classtype:trojan-activity;sid:84460568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597469/; classtype:trojan-activity;sid:84460569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597470/; classtype:trojan-activity;sid:84460570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597471/; classtype:trojan-activity;sid:84460571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597472/; classtype:trojan-activity;sid:84460572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597473/; classtype:trojan-activity;sid:84460573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597474/; classtype:trojan-activity;sid:84460574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.219.52"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597457/; classtype:trojan-activity;sid:84460557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.144.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597456/; classtype:trojan-activity;sid:84460556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.204.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597455/; classtype:trojan-activity;sid:84460555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/optimized_msi_pro/optimized_msi_pro.png"; depth:49; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597454/; classtype:trojan-activity;sid:84460554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/hbrg6451nhbr45nhj.txt"; depth:28; endswith; nocase; http.host; content:"107.150.0.86"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597453/; classtype:trojan-activity;sid:84460553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/pg70toll/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597452/; classtype:trojan-activity;sid:84460552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.232.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597450/; classtype:trojan-activity;sid:84460550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.94.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597451/; classtype:trojan-activity;sid:84460551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597448/; classtype:trojan-activity;sid:84460548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox.sh"; depth:11; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597449/; classtype:trojan-activity;sid:84460549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597447/; classtype:trojan-activity;sid:84460547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597446/; classtype:trojan-activity;sid:84460546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597441/; classtype:trojan-activity;sid:84460541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597442/; classtype:trojan-activity;sid:84460542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597443/; classtype:trojan-activity;sid:84460543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597444/; classtype:trojan-activity;sid:84460544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"67.211.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597445/; classtype:trojan-activity;sid:84460545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.47.62"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597440/; classtype:trojan-activity;sid:84460540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.209.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597439/; classtype:trojan-activity;sid:84460539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xor/svchosts1.exe"; depth:18; endswith; nocase; http.host; content:"80.78.24.219"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597438/; classtype:trojan-activity;sid:84460538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xor/svchosts.exe"; depth:17; endswith; nocase; http.host; content:"80.78.24.219"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597437/; classtype:trojan-activity;sid:84460537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/ulgldhh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597436/; classtype:trojan-activity;sid:84460536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/korone.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597435/; classtype:trojan-activity;sid:84460535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayame.vtuber"; depth:13; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597433/; classtype:trojan-activity;sid:84460533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haachama.vtuber"; depth:16; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597434/; classtype:trojan-activity;sid:84460534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amelia.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597420/; classtype:trojan-activity;sid:84460520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mori.vtuber"; depth:12; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597421/; classtype:trojan-activity;sid:84460521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okayu.vtuber"; depth:13; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597422/; classtype:trojan-activity;sid:84460522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fubuki.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597423/; classtype:trojan-activity;sid:84460523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subaru.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597424/; classtype:trojan-activity;sid:84460524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/towa.vtuber"; depth:12; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597425/; classtype:trojan-activity;sid:84460525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gura.vtuber"; depth:12; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597426/; classtype:trojan-activity;sid:84460526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mumei.vtuber"; depth:13; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597427/; classtype:trojan-activity;sid:84460527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiara.vtuber"; depth:13; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597428/; classtype:trojan-activity;sid:84460528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marine.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597429/; classtype:trojan-activity;sid:84460529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pekora.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597430/; classtype:trojan-activity;sid:84460530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shion.vtuber"; depth:13; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597431/; classtype:trojan-activity;sid:84460531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laplus.vtuber"; depth:14; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597432/; classtype:trojan-activity;sid:84460532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597419/; classtype:trojan-activity;sid:84460519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe11"; depth:12; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597415/; classtype:trojan-activity;sid:84460515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usa_end.exe"; depth:12; endswith; nocase; http.host; content:"77.110.103.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597416/; classtype:trojan-activity;sid:84460516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597417/; classtype:trojan-activity;sid:84460517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597418/; classtype:trojan-activity;sid:84460518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe15"; depth:12; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597412/; classtype:trojan-activity;sid:84460512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597413/; classtype:trojan-activity;sid:84460513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5638395652/n13orij.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597414/; classtype:trojan-activity;sid:84460514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597403/; classtype:trojan-activity;sid:84460503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597404/; classtype:trojan-activity;sid:84460504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597405/; classtype:trojan-activity;sid:84460505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597406/; classtype:trojan-activity;sid:84460506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597407/; classtype:trojan-activity;sid:84460507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597408/; classtype:trojan-activity;sid:84460508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597409/; classtype:trojan-activity;sid:84460509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"134.209.205.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597410/; classtype:trojan-activity;sid:84460510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597411/; classtype:trojan-activity;sid:84460511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8327455725/4ewfpzv.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597399/; classtype:trojan-activity;sid:84460499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe10"; depth:12; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597400/; classtype:trojan-activity;sid:84460500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crains.sh"; depth:10; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597401/; classtype:trojan-activity;sid:84460501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe14"; depth:12; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597402/; classtype:trojan-activity;sid:84460502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7251572078/wowuirv.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597394/; classtype:trojan-activity;sid:84460494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe5"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597395/; classtype:trojan-activity;sid:84460495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whale.sh"; depth:9; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597396/; classtype:trojan-activity;sid:84460496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgainer.sh"; depth:11; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597397/; classtype:trojan-activity;sid:84460497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/777476257/npqcxqw.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597398/; classtype:trojan-activity;sid:84460498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe2"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597382/; classtype:trojan-activity;sid:84460482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe9"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597383/; classtype:trojan-activity;sid:84460483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe13"; depth:12; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597384/; classtype:trojan-activity;sid:84460484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe7"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597385/; classtype:trojan-activity;sid:84460485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe3"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597386/; classtype:trojan-activity;sid:84460486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597387/; classtype:trojan-activity;sid:84460487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597388/; classtype:trojan-activity;sid:84460488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe12"; depth:12; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597389/; classtype:trojan-activity;sid:84460489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe8"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597390/; classtype:trojan-activity;sid:84460490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe4"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597391/; classtype:trojan-activity;sid:84460491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woah/wewe6"; depth:11; endswith; nocase; http.host; content:"45.83.31.139"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597392/; classtype:trojan-activity;sid:84460492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"195.178.110.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597393/; classtype:trojan-activity;sid:84460493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8052963817/5enw3zs.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597380/; classtype:trojan-activity;sid:84460480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8032789473/q97mwl3.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597381/; classtype:trojan-activity;sid:84460481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"117.72.183.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sls/bdxnsmp.exe"; depth:16; endswith; nocase; http.host; content:"bookvrff.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597378/; classtype:trojan-activity;sid:84460478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597377/; classtype:trojan-activity;sid:84460477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updserc.zip"; depth:12; endswith; nocase; http.host; content:"emprotel.net.bo"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597374/; classtype:trojan-activity;sid:84460474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geoor81/fisjfoijshfspayljhujoad0ifjsfdu/refs/heads/main/excellentdlccrack.exe"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597375/; classtype:trojan-activity;sid:84460475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/mega_secretka.exe"; depth:26; endswith; nocase; http.host; content:"77.110.103.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597376/; classtype:trojan-activity;sid:84460476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.51.189"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597373/; classtype:trojan-activity;sid:84460473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/av.lnk"; depth:14; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597372/; classtype:trojan-activity;sid:84460472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/video.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597371/; classtype:trojan-activity;sid:84460471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/photo.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597370/; classtype:trojan-activity;sid:84460470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/av.lnk"; depth:15; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597369/; classtype:trojan-activity;sid:84460469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/av.scr"; depth:14; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597368/; classtype:trojan-activity;sid:84460468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/av.scr"; depth:14; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597367/; classtype:trojan-activity;sid:84460467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597366/; classtype:trojan-activity;sid:84460466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597365/; classtype:trojan-activity;sid:84460465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/video.scr"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597364/; classtype:trojan-activity;sid:84460464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/photo.scr"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597363/; classtype:trojan-activity;sid:84460463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/av.scr"; depth:15; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597362/; classtype:trojan-activity;sid:84460462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/video.scr"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597361/; classtype:trojan-activity;sid:84460461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/video.scr"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597360/; classtype:trojan-activity;sid:84460460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/video.scr"; depth:18; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597359/; classtype:trojan-activity;sid:84460459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/photo.scr"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597358/; classtype:trojan-activity;sid:84460458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597356/; classtype:trojan-activity;sid:84460456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/photo.scr"; depth:18; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597357/; classtype:trojan-activity;sid:84460457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/av.scr"; depth:14; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597355/; classtype:trojan-activity;sid:84460455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/av.scr"; depth:15; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597354/; classtype:trojan-activity;sid:84460454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/photo.scr"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597352/; classtype:trojan-activity;sid:84460452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/video.scr"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597353/; classtype:trojan-activity;sid:84460453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597350/; classtype:trojan-activity;sid:84460450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/photo.scr"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597351/; classtype:trojan-activity;sid:84460451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/av.lnk"; depth:14; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597349/; classtype:trojan-activity;sid:84460449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597342/; classtype:trojan-activity;sid:84460442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597343/; classtype:trojan-activity;sid:84460443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/photo.scr"; depth:18; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597344/; classtype:trojan-activity;sid:84460444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/video.scr"; depth:18; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597345/; classtype:trojan-activity;sid:84460445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/av.scr"; depth:14; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597346/; classtype:trojan-activity;sid:84460446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597347/; classtype:trojan-activity;sid:84460447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/video.lnk"; depth:18; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597348/; classtype:trojan-activity;sid:84460448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/photo.lnk"; depth:18; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597340/; classtype:trojan-activity;sid:84460440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/av.lnk"; depth:15; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597341/; classtype:trojan-activity;sid:84460441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/photo.lnk"; depth:18; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597338/; classtype:trojan-activity;sid:84460438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597339/; classtype:trojan-activity;sid:84460439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/photo.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597334/; classtype:trojan-activity;sid:84460434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/video.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597335/; classtype:trojan-activity;sid:84460435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/video.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597336/; classtype:trojan-activity;sid:84460436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/av.lnk"; depth:14; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597337/; classtype:trojan-activity;sid:84460437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597325/; classtype:trojan-activity;sid:84460425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/video.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597326/; classtype:trojan-activity;sid:84460426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597327/; classtype:trojan-activity;sid:84460427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/av.lnk"; depth:14; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597328/; classtype:trojan-activity;sid:84460428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modules/video.lnk"; depth:18; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597329/; classtype:trojan-activity;sid:84460429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/photo.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597330/; classtype:trojan-activity;sid:84460430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"182.143.112.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597331/; classtype:trojan-activity;sid:84460431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/photo.lnk"; depth:17; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597332/; classtype:trojan-activity;sid:84460432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"182.143.113.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597333/; classtype:trojan-activity;sid:84460433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.47.62"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597324/; classtype:trojan-activity;sid:84460424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.219"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597323/; classtype:trojan-activity;sid:84460423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597322/; classtype:trojan-activity;sid:84460422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.238.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597321/; classtype:trojan-activity;sid:84460421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.82.6"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597320/; classtype:trojan-activity;sid:84460420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597319/; classtype:trojan-activity;sid:84460419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.218.221"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597318/; classtype:trojan-activity;sid:84460418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597317/; classtype:trojan-activity;sid:84460417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.51.189"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597316/; classtype:trojan-activity;sid:84460416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.29.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597315/; classtype:trojan-activity;sid:84460415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.91.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597314/; classtype:trojan-activity;sid:84460414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.113"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597313/; classtype:trojan-activity;sid:84460413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.24.214"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597312/; classtype:trojan-activity;sid:84460412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.29.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597311/; classtype:trojan-activity;sid:84460411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.68.235.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597310/; classtype:trojan-activity;sid:84460410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.24.214"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597309/; classtype:trojan-activity;sid:84460409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.91.61"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597308/; classtype:trojan-activity;sid:84460408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.89.111.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597307/; classtype:trojan-activity;sid:84460407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.82.6"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597306/; classtype:trojan-activity;sid:84460406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597305/; classtype:trojan-activity;sid:84460405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.185.94.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597304/; classtype:trojan-activity;sid:84460404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.68.235.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597303/; classtype:trojan-activity;sid:84460403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.113.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597301/; classtype:trojan-activity;sid:84460401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.67.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597302/; classtype:trojan-activity;sid:84460402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597300/; classtype:trojan-activity;sid:84460400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.62.126"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597299/; classtype:trojan-activity;sid:84460399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.67.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597298/; classtype:trojan-activity;sid:84460398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.89.111.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597297/; classtype:trojan-activity;sid:84460397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.185.94.64"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597296/; classtype:trojan-activity;sid:84460396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597293/; classtype:trojan-activity;sid:84460393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597294/; classtype:trojan-activity;sid:84460394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597295/; classtype:trojan-activity;sid:84460395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597292/; classtype:trojan-activity;sid:84460392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597290/; classtype:trojan-activity;sid:84460390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597291/; classtype:trojan-activity;sid:84460391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597289/; classtype:trojan-activity;sid:84460389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597284/; classtype:trojan-activity;sid:84460384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597285/; classtype:trojan-activity;sid:84460385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597286/; classtype:trojan-activity;sid:84460386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597287/; classtype:trojan-activity;sid:84460387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597288/; classtype:trojan-activity;sid:84460388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597283/; classtype:trojan-activity;sid:84460383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597277/; classtype:trojan-activity;sid:84460377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597278/; classtype:trojan-activity;sid:84460378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597279/; classtype:trojan-activity;sid:84460379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597280/; classtype:trojan-activity;sid:84460380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597281/; classtype:trojan-activity;sid:84460381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597282/; classtype:trojan-activity;sid:84460382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597262/; classtype:trojan-activity;sid:84460362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597263/; classtype:trojan-activity;sid:84460363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597264/; classtype:trojan-activity;sid:84460364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597265/; classtype:trojan-activity;sid:84460365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597266/; classtype:trojan-activity;sid:84460366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597267/; classtype:trojan-activity;sid:84460367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86-debug"; depth:28; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597268/; classtype:trojan-activity;sid:84460368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597269/; classtype:trojan-activity;sid:84460369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597270/; classtype:trojan-activity;sid:84460370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597271/; classtype:trojan-activity;sid:84460371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597272/; classtype:trojan-activity;sid:84460372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597273/; classtype:trojan-activity;sid:84460373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597274/; classtype:trojan-activity;sid:84460374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597275/; classtype:trojan-activity;sid:84460375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"87.121.84.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597276/; classtype:trojan-activity;sid:84460376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597254/; classtype:trojan-activity;sid:84460354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597255/; classtype:trojan-activity;sid:84460355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597256/; classtype:trojan-activity;sid:84460356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597257/; classtype:trojan-activity;sid:84460357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597258/; classtype:trojan-activity;sid:84460358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597259/; classtype:trojan-activity;sid:84460359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.148.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597260/; classtype:trojan-activity;sid:84460360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597261/; classtype:trojan-activity;sid:84460361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597253/; classtype:trojan-activity;sid:84460353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"176.65.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597252/; classtype:trojan-activity;sid:84460352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.129.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597251/; classtype:trojan-activity;sid:84460351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.67.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597250/; classtype:trojan-activity;sid:84460350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.57.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597249/; classtype:trojan-activity;sid:84460349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.194.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597248/; classtype:trojan-activity;sid:84460348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.173.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597247/; classtype:trojan-activity;sid:84460347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.73.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597246/; classtype:trojan-activity;sid:84460346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.182.11"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597245/; classtype:trojan-activity;sid:84460345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.129.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597244/; classtype:trojan-activity;sid:84460344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.194.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597243/; classtype:trojan-activity;sid:84460343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.64.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597242/; classtype:trojan-activity;sid:84460342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.185.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597241/; classtype:trojan-activity;sid:84460341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.6.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597240/; classtype:trojan-activity;sid:84460340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.95.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597239/; classtype:trojan-activity;sid:84460339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.226.208.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597238/; classtype:trojan-activity;sid:84460338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.95.241"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597237/; classtype:trojan-activity;sid:84460337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.102.140.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597236/; classtype:trojan-activity;sid:84460336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.16.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597234/; classtype:trojan-activity;sid:84460334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.233.234"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597235/; classtype:trojan-activity;sid:84460335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.113.80"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597230/; classtype:trojan-activity;sid:84460330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.37.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597231/; classtype:trojan-activity;sid:84460331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.102.140.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597232/; classtype:trojan-activity;sid:84460332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.238.246"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597233/; classtype:trojan-activity;sid:84460333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.185.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597229/; classtype:trojan-activity;sid:84460329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.178.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597228/; classtype:trojan-activity;sid:84460328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.136.103"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597227/; classtype:trojan-activity;sid:84460327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.45.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597226/; classtype:trojan-activity;sid:84460326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.178.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597225/; classtype:trojan-activity;sid:84460325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597223/; classtype:trojan-activity;sid:84460323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.161.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597224/; classtype:trojan-activity;sid:84460324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.5.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597222/; classtype:trojan-activity;sid:84460322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.45.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597221/; classtype:trojan-activity;sid:84460321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597220/; classtype:trojan-activity;sid:84460320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.161.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597219/; classtype:trojan-activity;sid:84460319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.73.244"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597218/; classtype:trojan-activity;sid:84460318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597217/; classtype:trojan-activity;sid:84460317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.29.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597216/; classtype:trojan-activity;sid:84460316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597215/; classtype:trojan-activity;sid:84460315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.54.29.54"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597214/; classtype:trojan-activity;sid:84460314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.33.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597213/; classtype:trojan-activity;sid:84460313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.29.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597212/; classtype:trojan-activity;sid:84460312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.149.120"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597210/; classtype:trojan-activity;sid:84460310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.228.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597211/; classtype:trojan-activity;sid:84460311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.228.0"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597209/; classtype:trojan-activity;sid:84460309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.149.120"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597208/; classtype:trojan-activity;sid:84460308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.23.164"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597207/; classtype:trojan-activity;sid:84460307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.205"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597206/; classtype:trojan-activity;sid:84460306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.172.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597205/; classtype:trojan-activity;sid:84460305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.90.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597204/; classtype:trojan-activity;sid:84460304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.113"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597203/; classtype:trojan-activity;sid:84460303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.23.164"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597202/; classtype:trojan-activity;sid:84460302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.239.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597201/; classtype:trojan-activity;sid:84460301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.172.20"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597200/; classtype:trojan-activity;sid:84460300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.240.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597199/; classtype:trojan-activity;sid:84460299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.239.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597198/; classtype:trojan-activity;sid:84460298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.90.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597197/; classtype:trojan-activity;sid:84460297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.251.98.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597196/; classtype:trojan-activity;sid:84460296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597195/; classtype:trojan-activity;sid:84460295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.251.98.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597194/; classtype:trojan-activity;sid:84460294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.9.182"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597192/; classtype:trojan-activity;sid:84460292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.9.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597193/; classtype:trojan-activity;sid:84460293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597191/; classtype:trojan-activity;sid:84460291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/av.lnk"; depth:88; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597188/; classtype:trojan-activity;sid:84460288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231222%e5%bd%b1%e6%8a%80/video.lnk"; depth:37; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597189/; classtype:trojan-activity;sid:84460289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.lnk"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597190/; classtype:trojan-activity;sid:84460290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/video.scr"; depth:91; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597186/; classtype:trojan-activity;sid:84460286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.scr"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597187/; classtype:trojan-activity;sid:84460287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.scr"; depth:117; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597185/; classtype:trojan-activity;sid:84460285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/212925334128/photo.lnk"; depth:23; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597183/; classtype:trojan-activity;sid:84460283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.scr"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597184/; classtype:trojan-activity;sid:84460284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/212925334128/video.lnk"; depth:23; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597181/; classtype:trojan-activity;sid:84460281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.scr"; depth:117; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597182/; classtype:trojan-activity;sid:84460282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/212925334128/av.lnk"; depth:20; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597179/; classtype:trojan-activity;sid:84460279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.lnk"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597180/; classtype:trojan-activity;sid:84460280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/video.scr"; depth:21; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597178/; classtype:trojan-activity;sid:84460278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231222%e5%bd%b1%e6%8a%80/video.scr"; depth:37; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597173/; classtype:trojan-activity;sid:84460273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.scr"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597174/; classtype:trojan-activity;sid:84460274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231222%e5%bd%b1%e6%8a%80/av.scr"; depth:34; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597175/; classtype:trojan-activity;sid:84460275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.lnk"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597176/; classtype:trojan-activity;sid:84460276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.scr"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597177/; classtype:trojan-activity;sid:84460277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231222%e5%bd%b1%e6%8a%80/photo.scr"; depth:37; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597170/; classtype:trojan-activity;sid:84460270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/photo.scr"; depth:21; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597171/; classtype:trojan-activity;sid:84460271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/photo.scr"; depth:91; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597172/; classtype:trojan-activity;sid:84460272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/av.lnk"; depth:18; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597168/; classtype:trojan-activity;sid:84460268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/video.lnk"; depth:91; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597169/; classtype:trojan-activity;sid:84460269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/photo.lnk"; depth:21; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597162/; classtype:trojan-activity;sid:84460262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231222%e5%bd%b1%e6%8a%80/av.lnk"; depth:34; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597163/; classtype:trojan-activity;sid:84460263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/video.lnk"; depth:21; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597164/; classtype:trojan-activity;sid:84460264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.lnk"; depth:117; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597165/; classtype:trojan-activity;sid:84460265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.lnk"; depth:117; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597166/; classtype:trojan-activity;sid:84460266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.lnk"; depth:120; endswith; nocase; http.host; content:"58.22.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597167/; classtype:trojan-activity;sid:84460267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/212925334128/av.scr"; depth:20; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597157/; classtype:trojan-activity;sid:84460257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/212925334128/video.scr"; depth:23; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597158/; classtype:trojan-activity;sid:84460258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/video.scr"; depth:15; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597159/; classtype:trojan-activity;sid:84460259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/photo.scr"; depth:15; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597160/; classtype:trojan-activity;sid:84460260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/av.scr"; depth:18; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597161/; classtype:trojan-activity;sid:84460261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.23.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597156/; classtype:trojan-activity;sid:84460256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.9.182"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597155/; classtype:trojan-activity;sid:84460255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.171.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597154/; classtype:trojan-activity;sid:84460254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.83.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597153/; classtype:trojan-activity;sid:84460253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.70.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597152/; classtype:trojan-activity;sid:84460252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.171.159"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597151/; classtype:trojan-activity;sid:84460251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmyjungmin/img001.exe"; depth:22; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.70.228"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597149/; classtype:trojan-activity;sid:84460249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.83.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597148/; classtype:trojan-activity;sid:84460248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.234.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597147/; classtype:trojan-activity;sid:84460247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.217"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597146/; classtype:trojan-activity;sid:84460246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.38.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597145/; classtype:trojan-activity;sid:84460245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597141/; classtype:trojan-activity;sid:84460241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597142/; classtype:trojan-activity;sid:84460242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597143/; classtype:trojan-activity;sid:84460243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vtubers.sh"; depth:11; endswith; nocase; http.host; content:"172.233.82.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597144/; classtype:trojan-activity;sid:84460244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.230.66.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597140/; classtype:trojan-activity;sid:84460240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.230.66.104"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597139/; classtype:trojan-activity;sid:84460239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/https-230.exe"; depth:14; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597138/; classtype:trojan-activity;sid:84460238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597137/; classtype:trojan-activity;sid:84460237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597136/; classtype:trojan-activity;sid:84460236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver.exe"; depth:8; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597135/; classtype:trojan-activity;sid:84460235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yi"; depth:3; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597134/; classtype:trojan-activity;sid:84460234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64"; depth:6; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597133/; classtype:trojan-activity;sid:84460233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server"; depth:7; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597132/; classtype:trojan-activity;sid:84460232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.217.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597131/; classtype:trojan-activity;sid:84460231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yi.sh"; depth:6; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597126/; classtype:trojan-activity;sid:84460226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86.bin"; depth:8; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597127/; classtype:trojan-activity;sid:84460227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.exe"; depth:11; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597128/; classtype:trojan-activity;sid:84460228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x64.bin"; depth:8; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597129/; classtype:trojan-activity;sid:84460229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.234.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597130/; classtype:trojan-activity;sid:84460230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597118/; classtype:trojan-activity;sid:84460218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.199.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597119/; classtype:trojan-activity;sid:84460219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.217"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597120/; classtype:trojan-activity;sid:84460220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.247.16.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597121/; classtype:trojan-activity;sid:84460221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"68.183.177.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597122/; classtype:trojan-activity;sid:84460222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"68.183.177.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597123/; classtype:trojan-activity;sid:84460223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"68.183.177.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597124/; classtype:trojan-activity;sid:84460224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"68.183.177.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597125/; classtype:trojan-activity;sid:84460225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.74.116.201"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597114/; classtype:trojan-activity;sid:84460214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.192.2"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597115/; classtype:trojan-activity;sid:84460215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"68.183.177.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597116/; classtype:trojan-activity;sid:84460216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"68.183.177.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597117/; classtype:trojan-activity;sid:84460217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.64.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597113/; classtype:trojan-activity;sid:84460213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.179.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597112/; classtype:trojan-activity;sid:84460212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597110/; classtype:trojan-activity;sid:84460210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.sh"; depth:7; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597111/; classtype:trojan-activity;sid:84460211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mshell"; depth:7; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597109/; classtype:trojan-activity;sid:84460209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"113.116.148.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597108/; classtype:trojan-activity;sid:84460208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"113.116.148.144"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597107/; classtype:trojan-activity;sid:84460207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.172.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597106/; classtype:trojan-activity;sid:84460206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.234.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597105/; classtype:trojan-activity;sid:84460205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.33.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597104/; classtype:trojan-activity;sid:84460204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.172.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597103/; classtype:trojan-activity;sid:84460203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.126.86.115"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597102/; classtype:trojan-activity;sid:84460202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.118.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597101/; classtype:trojan-activity;sid:84460201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.7.39"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597100/; classtype:trojan-activity;sid:84460200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.246.88"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597099/; classtype:trojan-activity;sid:84460199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.33.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597098/; classtype:trojan-activity;sid:84460198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.118.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597097/; classtype:trojan-activity;sid:84460197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.234.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597096/; classtype:trojan-activity;sid:84460196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.7.39"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597095/; classtype:trojan-activity;sid:84460195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.109.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597094/; classtype:trojan-activity;sid:84460194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.246.88"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597093/; classtype:trojan-activity;sid:84460193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.14.78.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597092/; classtype:trojan-activity;sid:84460192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.5.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597091/; classtype:trojan-activity;sid:84460191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597090/; classtype:trojan-activity;sid:84460190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.14.78.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597089/; classtype:trojan-activity;sid:84460189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597088/; classtype:trojan-activity;sid:84460188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.67.48.227"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597087/; classtype:trojan-activity;sid:84460187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.43.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597086/; classtype:trojan-activity;sid:84460186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.26.104"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597085/; classtype:trojan-activity;sid:84460185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.19.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597084/; classtype:trojan-activity;sid:84460184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.24.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597083/; classtype:trojan-activity;sid:84460183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new2.msi"; depth:9; endswith; nocase; http.host; content:"nitrofeatures.app"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597082/; classtype:trojan-activity;sid:84460182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.43.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597081/; classtype:trojan-activity;sid:84460181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.24.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597080/; classtype:trojan-activity;sid:84460180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.139.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597079/; classtype:trojan-activity;sid:84460179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.19.194"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597078/; classtype:trojan-activity;sid:84460178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.112.167"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597077/; classtype:trojan-activity;sid:84460177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.252.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597076/; classtype:trojan-activity;sid:84460176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.139.56"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597075/; classtype:trojan-activity;sid:84460175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.195.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597074/; classtype:trojan-activity;sid:84460174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.70.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597073/; classtype:trojan-activity;sid:84460173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.195.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597072/; classtype:trojan-activity;sid:84460172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.68.201"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597071/; classtype:trojan-activity;sid:84460171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.112.167"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597070/; classtype:trojan-activity;sid:84460170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.194.201"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597069/; classtype:trojan-activity;sid:84460169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.68.201"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597068/; classtype:trojan-activity;sid:84460168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.56.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597067/; classtype:trojan-activity;sid:84460167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.208.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597066/; classtype:trojan-activity;sid:84460166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.56.33"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597065/; classtype:trojan-activity;sid:84460165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.24.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597064/; classtype:trojan-activity;sid:84460164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.207.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597063/; classtype:trojan-activity;sid:84460163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.124.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597062/; classtype:trojan-activity;sid:84460162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.16.106.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597061/; classtype:trojan-activity;sid:84460161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.56.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597060/; classtype:trojan-activity;sid:84460160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.233.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597059/; classtype:trojan-activity;sid:84460159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.186.57"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597058/; classtype:trojan-activity;sid:84460158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.255.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597057/; classtype:trojan-activity;sid:84460157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597056/; classtype:trojan-activity;sid:84460156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.211.163"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597055/; classtype:trojan-activity;sid:84460155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zo.zip"; depth:7; endswith; nocase; http.host; content:"eugene-reuters-subdivision-quarter.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597054/; classtype:trojan-activity;sid:84460154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crew.bat"; depth:9; endswith; nocase; http.host; content:"eugene-reuters-subdivision-quarter.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597053/; classtype:trojan-activity;sid:84460153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.txt"; depth:6; endswith; nocase; http.host; content:"eugene-reuters-subdivision-quarter.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597052/; classtype:trojan-activity;sid:84460152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.211.163"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597051/; classtype:trojan-activity;sid:84460151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.195.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597050/; classtype:trojan-activity;sid:84460150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/rem2.txt"; depth:12; endswith; nocase; http.host; content:"www.stakloram.rs"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597049/; classtype:trojan-activity;sid:84460149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.197.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597048/; classtype:trojan-activity;sid:84460148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7624694033/le7wj6h.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597047/; classtype:trojan-activity;sid:84460147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.197.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597046/; classtype:trojan-activity;sid:84460146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.246.228.108"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597045/; classtype:trojan-activity;sid:84460145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7154568111/sqyyar4.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597044/; classtype:trojan-activity;sid:84460144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.214.56.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597042/; classtype:trojan-activity;sid:84460142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7687975642/s14ik8g.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597043/; classtype:trojan-activity;sid:84460143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webr-at/importantfiles/releases/download/1/ffmpeg.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597041/; classtype:trojan-activity;sid:84460141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webr-at/importantfiles/releases/download/1/7z.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597040/; classtype:trojan-activity;sid:84460140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webr-at/importantfiles/releases/download/1/7z.dll"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597039/; classtype:trojan-activity;sid:84460139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webr-at/importantfiles/releases/download/1/axmstsclib.dll"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597037/; classtype:trojan-activity;sid:84460137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webr-at/importantfiles/releases/download/1/mstsclib.dll"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597038/; classtype:trojan-activity;sid:84460138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.5.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597036/; classtype:trojan-activity;sid:84460136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597034/; classtype:trojan-activity;sid:84460134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597035/; classtype:trojan-activity;sid:84460135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597033/; classtype:trojan-activity;sid:84460133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bg.jpg"; depth:7; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597032/; classtype:trojan-activity;sid:84460132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vog.bat"; depth:8; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597031/; classtype:trojan-activity;sid:84460131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/documentinfo.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"185.214.74.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597030/; classtype:trojan-activity;sid:84460130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/fi.wsf"; depth:11; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597029/; classtype:trojan-activity;sid:84460129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.154.74"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597027/; classtype:trojan-activity;sid:84460127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/rbvzhh3d/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597028/; classtype:trojan-activity;sid:84460128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/tuts.wsh"; depth:13; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597023/; classtype:trojan-activity;sid:84460123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"74.214.56.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597024/; classtype:trojan-activity;sid:84460124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/documentinfo.pdf.lnk"; depth:25; endswith; nocase; http.host; content:"turns-hung-sparc-wound.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597025/; classtype:trojan-activity;sid:84460125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gfnjdhzs/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597026/; classtype:trojan-activity;sid:84460126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.129.73"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597022/; classtype:trojan-activity;sid:84460122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vog.bat"; depth:8; endswith; nocase; http.host; content:"185.214.74.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597019/; classtype:trojan-activity;sid:84460119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/tuts.wsh"; depth:13; endswith; nocase; http.host; content:"185.214.74.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597020/; classtype:trojan-activity;sid:84460120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/fi.wsf"; depth:11; endswith; nocase; http.host; content:"185.214.74.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597021/; classtype:trojan-activity;sid:84460121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/header.jpg"; depth:14; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597017/; classtype:trojan-activity;sid:84460117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/header.jpg"; depth:11; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597011/; classtype:trojan-activity;sid:84460111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wintwee.ps1"; depth:12; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597012/; classtype:trojan-activity;sid:84460112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimization/explopt.exe"; depth:25; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597013/; classtype:trojan-activity;sid:84460113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimization/winoptimizer.exe"; depth:30; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597014/; classtype:trojan-activity;sid:84460114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sprite.png"; depth:11; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597015/; classtype:trojan-activity;sid:84460115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.bat"; depth:12; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597016/; classtype:trojan-activity;sid:84460116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14/items/msi_20250801/msi.png"; depth:30; endswith; nocase; http.host; content:"ia803206.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597010/; classtype:trojan-activity;sid:84460110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/sprite.png"; depth:14; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597004/; classtype:trojan-activity;sid:84460104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/bg.jpg"; depth:10; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597005/; classtype:trojan-activity;sid:84460105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi.png"; depth:8; endswith; nocase; http.host; content:"transferprotocolforsharingfiles.cloud"; depth:37; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597006/; classtype:trojan-activity;sid:84460106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/get|3f|filekey=4mg89gp3e7akkcwqqgvgxbd3tchcqzcuiqrhll9-zvzyei1qckcwr6w|7c|26|7c|skipreg=true|7c|26|7c|pk_vid=31b70f9689ef41a717539904678784ad"; depth:151; endswith; nocase; http.host; content:"1005.filemail.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597007/; classtype:trojan-activity;sid:84460107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7269512085/rscyaix.msi"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597008/; classtype:trojan-activity;sid:84460108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cv/msi.png"; depth:17; endswith; nocase; http.host; content:"96.44.159.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597009/; classtype:trojan-activity;sid:84460109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14/items/msi_20250801/msi.png"; depth:30; endswith; nocase; http.host; content:"ia803206.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597002/; classtype:trojan-activity;sid:84460102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cv/msi.png"; depth:17; endswith; nocase; http.host; content:"216.9.224.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597003/; classtype:trojan-activity;sid:84460103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32/eccv/createdbestfeelingwithbetterwaysgoodfornicepoplesaround_______createdbestfeelingwithbetterwaysgoodfornicepoplesaround________createdbestfeelingwithbetterwaysgoodfornicepoplesaround.doc"; depth:193; endswith; nocase; http.host; content:"23.94.96.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597001/; classtype:trojan-activity;sid:84460101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.113.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596997/; classtype:trojan-activity;sid:84460097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimization/winopt.exe"; depth:24; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596998/; classtype:trojan-activity;sid:84460098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596999/; classtype:trojan-activity;sid:84460099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.81.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597000/; classtype:trojan-activity;sid:84460100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimization/optimizer.exe"; depth:27; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596995/; classtype:trojan-activity;sid:84460095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logo.png"; depth:9; endswith; nocase; http.host; content:"144.91.103.204"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596996/; classtype:trojan-activity;sid:84460096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32/createdbestfeelingwithbetterwaysgoodfornicepoplesaround.vbs"; depth:63; endswith; nocase; http.host; content:"23.94.96.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596993/; classtype:trojan-activity;sid:84460093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erors0"; depth:7; endswith; nocase; http.host; content:"link.emcdn.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596994/; classtype:trojan-activity;sid:84460094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1685581595/uhyxauq.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596992/; classtype:trojan-activity;sid:84460092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596990/; classtype:trojan-activity;sid:84460090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596991/; classtype:trojan-activity;sid:84460091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596989/; classtype:trojan-activity;sid:84460089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596988/; classtype:trojan-activity;sid:84460088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596987/; classtype:trojan-activity;sid:84460087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596986/; classtype:trojan-activity;sid:84460086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596984/; classtype:trojan-activity;sid:84460084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596985/; classtype:trojan-activity;sid:84460085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596982/; classtype:trojan-activity;sid:84460082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596983/; classtype:trojan-activity;sid:84460083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596981/; classtype:trojan-activity;sid:84460081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596977/; classtype:trojan-activity;sid:84460077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596978/; classtype:trojan-activity;sid:84460078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596979/; classtype:trojan-activity;sid:84460079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596980/; classtype:trojan-activity;sid:84460080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596976/; classtype:trojan-activity;sid:84460076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596969/; classtype:trojan-activity;sid:84460069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596970/; classtype:trojan-activity;sid:84460070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596971/; classtype:trojan-activity;sid:84460071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596972/; classtype:trojan-activity;sid:84460072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596973/; classtype:trojan-activity;sid:84460073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596974/; classtype:trojan-activity;sid:84460074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596975/; classtype:trojan-activity;sid:84460075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596967/; classtype:trojan-activity;sid:84460067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596968/; classtype:trojan-activity;sid:84460068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596966/; classtype:trojan-activity;sid:84460066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596962/; classtype:trojan-activity;sid:84460062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596963/; classtype:trojan-activity;sid:84460063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596964/; classtype:trojan-activity;sid:84460064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596965/; classtype:trojan-activity;sid:84460065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596956/; classtype:trojan-activity;sid:84460056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596957/; classtype:trojan-activity;sid:84460057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596958/; classtype:trojan-activity;sid:84460058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596959/; classtype:trojan-activity;sid:84460059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596960/; classtype:trojan-activity;sid:84460060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596961/; classtype:trojan-activity;sid:84460061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596951/; classtype:trojan-activity;sid:84460051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596952/; classtype:trojan-activity;sid:84460052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596953/; classtype:trojan-activity;sid:84460053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596954/; classtype:trojan-activity;sid:84460054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596955/; classtype:trojan-activity;sid:84460055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596946/; classtype:trojan-activity;sid:84460046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596947/; classtype:trojan-activity;sid:84460047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596948/; classtype:trojan-activity;sid:84460048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596949/; classtype:trojan-activity;sid:84460049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596950/; classtype:trojan-activity;sid:84460050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596943/; classtype:trojan-activity;sid:84460043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596944/; classtype:trojan-activity;sid:84460044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596945/; classtype:trojan-activity;sid:84460045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596942/; classtype:trojan-activity;sid:84460042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596940/; classtype:trojan-activity;sid:84460040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596941/; classtype:trojan-activity;sid:84460041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596937/; classtype:trojan-activity;sid:84460037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596938/; classtype:trojan-activity;sid:84460038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596939/; classtype:trojan-activity;sid:84460039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596935/; classtype:trojan-activity;sid:84460035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596936/; classtype:trojan-activity;sid:84460036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596932/; classtype:trojan-activity;sid:84460032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596933/; classtype:trojan-activity;sid:84460033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596934/; classtype:trojan-activity;sid:84460034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596931/; classtype:trojan-activity;sid:84460031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596927/; classtype:trojan-activity;sid:84460027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596928/; classtype:trojan-activity;sid:84460028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596929/; classtype:trojan-activity;sid:84460029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596930/; classtype:trojan-activity;sid:84460030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596921/; classtype:trojan-activity;sid:84460021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596922/; classtype:trojan-activity;sid:84460022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596923/; classtype:trojan-activity;sid:84460023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596924/; classtype:trojan-activity;sid:84460024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596925/; classtype:trojan-activity;sid:84460025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596926/; classtype:trojan-activity;sid:84460026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596920/; classtype:trojan-activity;sid:84460020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596915/; classtype:trojan-activity;sid:84460015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596916/; classtype:trojan-activity;sid:84460016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596917/; classtype:trojan-activity;sid:84460017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596918/; classtype:trojan-activity;sid:84460018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596919/; classtype:trojan-activity;sid:84460019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596914/; classtype:trojan-activity;sid:84460014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596913/; classtype:trojan-activity;sid:84460013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596909/; classtype:trojan-activity;sid:84460009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596910/; classtype:trojan-activity;sid:84460010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596911/; classtype:trojan-activity;sid:84460011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596912/; classtype:trojan-activity;sid:84460012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596908/; classtype:trojan-activity;sid:84460008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596902/; classtype:trojan-activity;sid:84460002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596903/; classtype:trojan-activity;sid:84460003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596904/; classtype:trojan-activity;sid:84460004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596905/; classtype:trojan-activity;sid:84460005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596906/; classtype:trojan-activity;sid:84460006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596907/; classtype:trojan-activity;sid:84460007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596901/; classtype:trojan-activity;sid:84460001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596895/; classtype:trojan-activity;sid:84459995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596896/; classtype:trojan-activity;sid:84459996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596897/; classtype:trojan-activity;sid:84459997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596898/; classtype:trojan-activity;sid:84459998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596899/; classtype:trojan-activity;sid:84459999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596900/; classtype:trojan-activity;sid:84460000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596892/; classtype:trojan-activity;sid:84459992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596893/; classtype:trojan-activity;sid:84459993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596894/; classtype:trojan-activity;sid:84459994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596887/; classtype:trojan-activity;sid:84459987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596888/; classtype:trojan-activity;sid:84459988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596889/; classtype:trojan-activity;sid:84459989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596890/; classtype:trojan-activity;sid:84459990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596891/; classtype:trojan-activity;sid:84459991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596886/; classtype:trojan-activity;sid:84459986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596881/; classtype:trojan-activity;sid:84459981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596882/; classtype:trojan-activity;sid:84459982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596883/; classtype:trojan-activity;sid:84459983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596884/; classtype:trojan-activity;sid:84459984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596885/; classtype:trojan-activity;sid:84459985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596879/; classtype:trojan-activity;sid:84459979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596880/; classtype:trojan-activity;sid:84459980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596873/; classtype:trojan-activity;sid:84459973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596874/; classtype:trojan-activity;sid:84459974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596875/; classtype:trojan-activity;sid:84459975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596876/; classtype:trojan-activity;sid:84459976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596877/; classtype:trojan-activity;sid:84459977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596878/; classtype:trojan-activity;sid:84459978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596872/; classtype:trojan-activity;sid:84459972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596868/; classtype:trojan-activity;sid:84459968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596869/; classtype:trojan-activity;sid:84459969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596870/; classtype:trojan-activity;sid:84459970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596871/; classtype:trojan-activity;sid:84459971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596861/; classtype:trojan-activity;sid:84459961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596862/; classtype:trojan-activity;sid:84459962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596863/; classtype:trojan-activity;sid:84459963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596864/; classtype:trojan-activity;sid:84459964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596865/; classtype:trojan-activity;sid:84459965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596866/; classtype:trojan-activity;sid:84459966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596867/; classtype:trojan-activity;sid:84459967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596859/; classtype:trojan-activity;sid:84459959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596860/; classtype:trojan-activity;sid:84459960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596855/; classtype:trojan-activity;sid:84459955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596856/; classtype:trojan-activity;sid:84459956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596857/; classtype:trojan-activity;sid:84459957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596858/; classtype:trojan-activity;sid:84459958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596849/; classtype:trojan-activity;sid:84459949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596850/; classtype:trojan-activity;sid:84459950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596851/; classtype:trojan-activity;sid:84459951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596852/; classtype:trojan-activity;sid:84459952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596853/; classtype:trojan-activity;sid:84459953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596854/; classtype:trojan-activity;sid:84459954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596839/; classtype:trojan-activity;sid:84459939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596840/; classtype:trojan-activity;sid:84459940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596841/; classtype:trojan-activity;sid:84459941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596842/; classtype:trojan-activity;sid:84459942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596843/; classtype:trojan-activity;sid:84459943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596844/; classtype:trojan-activity;sid:84459944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596845/; classtype:trojan-activity;sid:84459945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596846/; classtype:trojan-activity;sid:84459946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596847/; classtype:trojan-activity;sid:84459947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596848/; classtype:trojan-activity;sid:84459948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596836/; classtype:trojan-activity;sid:84459936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596837/; classtype:trojan-activity;sid:84459937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596838/; classtype:trojan-activity;sid:84459938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596832/; classtype:trojan-activity;sid:84459932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596833/; classtype:trojan-activity;sid:84459933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596834/; classtype:trojan-activity;sid:84459934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596835/; classtype:trojan-activity;sid:84459935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596829/; classtype:trojan-activity;sid:84459929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596830/; classtype:trojan-activity;sid:84459930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596831/; classtype:trojan-activity;sid:84459931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596827/; classtype:trojan-activity;sid:84459927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596828/; classtype:trojan-activity;sid:84459928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596825/; classtype:trojan-activity;sid:84459925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596826/; classtype:trojan-activity;sid:84459926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596821/; classtype:trojan-activity;sid:84459921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596822/; classtype:trojan-activity;sid:84459922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596823/; classtype:trojan-activity;sid:84459923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596824/; classtype:trojan-activity;sid:84459924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596819/; classtype:trojan-activity;sid:84459919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596820/; classtype:trojan-activity;sid:84459920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596816/; classtype:trojan-activity;sid:84459916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596817/; classtype:trojan-activity;sid:84459917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596818/; classtype:trojan-activity;sid:84459918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596813/; classtype:trojan-activity;sid:84459913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596814/; classtype:trojan-activity;sid:84459914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596815/; classtype:trojan-activity;sid:84459915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596809/; classtype:trojan-activity;sid:84459909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596810/; classtype:trojan-activity;sid:84459910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596811/; classtype:trojan-activity;sid:84459911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596812/; classtype:trojan-activity;sid:84459912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596806/; classtype:trojan-activity;sid:84459906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596807/; classtype:trojan-activity;sid:84459907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596808/; classtype:trojan-activity;sid:84459908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596801/; classtype:trojan-activity;sid:84459901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596802/; classtype:trojan-activity;sid:84459902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596803/; classtype:trojan-activity;sid:84459903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596804/; classtype:trojan-activity;sid:84459904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596805/; classtype:trojan-activity;sid:84459905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596799/; classtype:trojan-activity;sid:84459899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596800/; classtype:trojan-activity;sid:84459900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596794/; classtype:trojan-activity;sid:84459894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596795/; classtype:trojan-activity;sid:84459895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596796/; classtype:trojan-activity;sid:84459896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596797/; classtype:trojan-activity;sid:84459897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596798/; classtype:trojan-activity;sid:84459898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596790/; classtype:trojan-activity;sid:84459890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596791/; classtype:trojan-activity;sid:84459891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596792/; classtype:trojan-activity;sid:84459892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596793/; classtype:trojan-activity;sid:84459893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596786/; classtype:trojan-activity;sid:84459886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596787/; classtype:trojan-activity;sid:84459887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596788/; classtype:trojan-activity;sid:84459888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596789/; classtype:trojan-activity;sid:84459889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596785/; classtype:trojan-activity;sid:84459885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596784/; classtype:trojan-activity;sid:84459884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596776/; classtype:trojan-activity;sid:84459876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596777/; classtype:trojan-activity;sid:84459877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596778/; classtype:trojan-activity;sid:84459878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596779/; classtype:trojan-activity;sid:84459879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596780/; classtype:trojan-activity;sid:84459880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596781/; classtype:trojan-activity;sid:84459881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596782/; classtype:trojan-activity;sid:84459882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596783/; classtype:trojan-activity;sid:84459883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596774/; classtype:trojan-activity;sid:84459874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596775/; classtype:trojan-activity;sid:84459875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596772/; classtype:trojan-activity;sid:84459872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596773/; classtype:trojan-activity;sid:84459873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596771/; classtype:trojan-activity;sid:84459871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596770/; classtype:trojan-activity;sid:84459870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596769/; classtype:trojan-activity;sid:84459869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596765/; classtype:trojan-activity;sid:84459865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596766/; classtype:trojan-activity;sid:84459866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596767/; classtype:trojan-activity;sid:84459867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596768/; classtype:trojan-activity;sid:84459868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596758/; classtype:trojan-activity;sid:84459858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596759/; classtype:trojan-activity;sid:84459859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596760/; classtype:trojan-activity;sid:84459860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596761/; classtype:trojan-activity;sid:84459861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596762/; classtype:trojan-activity;sid:84459862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596763/; classtype:trojan-activity;sid:84459863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596764/; classtype:trojan-activity;sid:84459864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596757/; classtype:trojan-activity;sid:84459857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596756/; classtype:trojan-activity;sid:84459856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596755/; classtype:trojan-activity;sid:84459855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596754/; classtype:trojan-activity;sid:84459854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596752/; classtype:trojan-activity;sid:84459852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596753/; classtype:trojan-activity;sid:84459853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596750/; classtype:trojan-activity;sid:84459850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596751/; classtype:trojan-activity;sid:84459851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596749/; classtype:trojan-activity;sid:84459849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596746/; classtype:trojan-activity;sid:84459846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596747/; classtype:trojan-activity;sid:84459847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596748/; classtype:trojan-activity;sid:84459848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596745/; classtype:trojan-activity;sid:84459845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596743/; classtype:trojan-activity;sid:84459843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596744/; classtype:trojan-activity;sid:84459844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596738/; classtype:trojan-activity;sid:84459838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596739/; classtype:trojan-activity;sid:84459839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596740/; classtype:trojan-activity;sid:84459840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596741/; classtype:trojan-activity;sid:84459841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596742/; classtype:trojan-activity;sid:84459842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596736/; classtype:trojan-activity;sid:84459836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596737/; classtype:trojan-activity;sid:84459837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596734/; classtype:trojan-activity;sid:84459834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596735/; classtype:trojan-activity;sid:84459835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596732/; classtype:trojan-activity;sid:84459832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596733/; classtype:trojan-activity;sid:84459833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596724/; classtype:trojan-activity;sid:84459824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596725/; classtype:trojan-activity;sid:84459825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596726/; classtype:trojan-activity;sid:84459826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596727/; classtype:trojan-activity;sid:84459827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596728/; classtype:trojan-activity;sid:84459828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596729/; classtype:trojan-activity;sid:84459829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596730/; classtype:trojan-activity;sid:84459830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596731/; classtype:trojan-activity;sid:84459831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596722/; classtype:trojan-activity;sid:84459822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596723/; classtype:trojan-activity;sid:84459823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596712/; classtype:trojan-activity;sid:84459812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596713/; classtype:trojan-activity;sid:84459813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596714/; classtype:trojan-activity;sid:84459814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596715/; classtype:trojan-activity;sid:84459815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596716/; classtype:trojan-activity;sid:84459816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596717/; classtype:trojan-activity;sid:84459817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596718/; classtype:trojan-activity;sid:84459818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596719/; classtype:trojan-activity;sid:84459819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596720/; classtype:trojan-activity;sid:84459820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596721/; classtype:trojan-activity;sid:84459821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596710/; classtype:trojan-activity;sid:84459810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"play.minequest.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596711/; classtype:trojan-activity;sid:84459811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596706/; classtype:trojan-activity;sid:84459806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596707/; classtype:trojan-activity;sid:84459807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"school-everyday.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596708/; classtype:trojan-activity;sid:84459808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596709/; classtype:trojan-activity;sid:84459809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596699/; classtype:trojan-activity;sid:84459799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596700/; classtype:trojan-activity;sid:84459800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596701/; classtype:trojan-activity;sid:84459801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596702/; classtype:trojan-activity;sid:84459802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596703/; classtype:trojan-activity;sid:84459803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596704/; classtype:trojan-activity;sid:84459804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596705/; classtype:trojan-activity;sid:84459805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596698/; classtype:trojan-activity;sid:84459798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596692/; classtype:trojan-activity;sid:84459792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596693/; classtype:trojan-activity;sid:84459793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596694/; classtype:trojan-activity;sid:84459794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596695/; classtype:trojan-activity;sid:84459795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"sell-underlying.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596696/; classtype:trojan-activity;sid:84459796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596697/; classtype:trojan-activity;sid:84459797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596689/; classtype:trojan-activity;sid:84459789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596690/; classtype:trojan-activity;sid:84459790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596691/; classtype:trojan-activity;sid:84459791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596681/; classtype:trojan-activity;sid:84459781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596682/; classtype:trojan-activity;sid:84459782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596683/; classtype:trojan-activity;sid:84459783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596684/; classtype:trojan-activity;sid:84459784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596685/; classtype:trojan-activity;sid:84459785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596686/; classtype:trojan-activity;sid:84459786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"fullemo.online"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596687/; classtype:trojan-activity;sid:84459787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596688/; classtype:trojan-activity;sid:84459788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596677/; classtype:trojan-activity;sid:84459777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596678/; classtype:trojan-activity;sid:84459778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596679/; classtype:trojan-activity;sid:84459779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596680/; classtype:trojan-activity;sid:84459780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596675/; classtype:trojan-activity;sid:84459775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596676/; classtype:trojan-activity;sid:84459776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596651/; classtype:trojan-activity;sid:84459751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596652/; classtype:trojan-activity;sid:84459752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596653/; classtype:trojan-activity;sid:84459753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596654/; classtype:trojan-activity;sid:84459754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"facilities-arizona.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596655/; classtype:trojan-activity;sid:84459755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596656/; classtype:trojan-activity;sid:84459756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596657/; classtype:trojan-activity;sid:84459757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596658/; classtype:trojan-activity;sid:84459758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596659/; classtype:trojan-activity;sid:84459759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596660/; classtype:trojan-activity;sid:84459760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596661/; classtype:trojan-activity;sid:84459761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"assistance-commissions.gl.at.ply.gg"; depth:35; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596662/; classtype:trojan-activity;sid:84459762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596663/; classtype:trojan-activity;sid:84459763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"late-researcher.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596664/; classtype:trojan-activity;sid:84459764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596665/; classtype:trojan-activity;sid:84459765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"study-leasing.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596666/; classtype:trojan-activity;sid:84459766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596667/; classtype:trojan-activity;sid:84459767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596668/; classtype:trojan-activity;sid:84459768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"server.seaasses.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596669/; classtype:trojan-activity;sid:84459769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"jezzasnetwork.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596670/; classtype:trojan-activity;sid:84459770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596671/; classtype:trojan-activity;sid:84459771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"play.arbuzmine.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596672/; classtype:trojan-activity;sid:84459772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596673/; classtype:trojan-activity;sid:84459773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596674/; classtype:trojan-activity;sid:84459774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596648/; classtype:trojan-activity;sid:84459748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596649/; classtype:trojan-activity;sid:84459749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596650/; classtype:trojan-activity;sid:84459750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"categories-figure.gl.at.ply.gg"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596647/; classtype:trojan-activity;sid:84459747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596646/; classtype:trojan-activity;sid:84459746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596645/; classtype:trojan-activity;sid:84459745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596643/; classtype:trojan-activity;sid:84459743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"satisfactory.andresodev.com"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596644/; classtype:trojan-activity;sid:84459744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596642/; classtype:trojan-activity;sid:84459742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596641/; classtype:trojan-activity;sid:84459741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596640/; classtype:trojan-activity;sid:84459740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596635/; classtype:trojan-activity;sid:84459735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596636/; classtype:trojan-activity;sid:84459736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"cross-editor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596637/; classtype:trojan-activity;sid:84459737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596638/; classtype:trojan-activity;sid:84459738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596639/; classtype:trojan-activity;sid:84459739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"should-medications.gl.at.ply.gg"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596633/; classtype:trojan-activity;sid:84459733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"publication-resolve.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596634/; classtype:trojan-activity;sid:84459734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"programme-newspaper.gl.at.ply.gg"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596631/; classtype:trojan-activity;sid:84459731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596632/; classtype:trojan-activity;sid:84459732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596626/; classtype:trojan-activity;sid:84459726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596627/; classtype:trojan-activity;sid:84459727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"conditions-ripe.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596628/; classtype:trojan-activity;sid:84459728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596629/; classtype:trojan-activity;sid:84459729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596630/; classtype:trojan-activity;sid:84459730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"both-windsor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596624/; classtype:trojan-activity;sid:84459724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"crixlands.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596625/; classtype:trojan-activity;sid:84459725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596622/; classtype:trojan-activity;sid:84459722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"mac-shaved.gl.at.ply.gg"; depth:23; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596623/; classtype:trojan-activity;sid:84459723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"discussion-announcement.gl.at.ply.gg"; depth:36; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596618/; classtype:trojan-activity;sid:84459718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"dead-weblogs.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596619/; classtype:trojan-activity;sid:84459719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"union-victor.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596620/; classtype:trojan-activity;sid:84459720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"technology-rome.gl.at.ply.gg"; depth:28; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596621/; classtype:trojan-activity;sid:84459721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"rtb.my.id"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596615/; classtype:trojan-activity;sid:84459715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"block-reset.gl.at.ply.gg"; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596616/; classtype:trojan-activity;sid:84459716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596617/; classtype:trojan-activity;sid:84459717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"schedule-pci.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596614/; classtype:trojan-activity;sid:84459714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"nexorastudios.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596609/; classtype:trojan-activity;sid:84459709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"similar-meta.gl.at.ply.gg"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596610/; classtype:trojan-activity;sid:84459710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"follow-absent.gl.at.ply.gg"; depth:26; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596611/; classtype:trojan-activity;sid:84459711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"teen-undo.gl.at.ply.gg"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596612/; classtype:trojan-activity;sid:84459712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"catalog-public.gl.at.ply.gg"; depth:27; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596613/; classtype:trojan-activity;sid:84459713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.29.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596608/; classtype:trojan-activity;sid:84459708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe7.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596606/; classtype:trojan-activity;sid:84459706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe12.johnsmith"; depth:47; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596607/; classtype:trojan-activity;sid:84459707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe3.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596604/; classtype:trojan-activity;sid:84459704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe9.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596605/; classtype:trojan-activity;sid:84459705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe2.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596602/; classtype:trojan-activity;sid:84459702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe8.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596603/; classtype:trojan-activity;sid:84459703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe11.johnsmith"; depth:47; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596600/; classtype:trojan-activity;sid:84459700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe1.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596601/; classtype:trojan-activity;sid:84459701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe5.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596597/; classtype:trojan-activity;sid:84459697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe4.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596598/; classtype:trojan-activity;sid:84459698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe6.johnsmith"; depth:46; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596599/; classtype:trojan-activity;sid:84459699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.209.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596596/; classtype:trojan-activity;sid:84459696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"52.17.229.255"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596595/; classtype:trojan-activity;sid:84459695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.134.9.57"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596591/; classtype:trojan-activity;sid:84459691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.24.64.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596592/; classtype:trojan-activity;sid:84459692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.94.35"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596593/; classtype:trojan-activity;sid:84459693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.31.173.19"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596594/; classtype:trojan-activity;sid:84459694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.43.28.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596590/; classtype:trojan-activity;sid:84459690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"140.143.170.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596589/; classtype:trojan-activity;sid:84459689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"38.55.192.31"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596587/; classtype:trojan-activity;sid:84459687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.192.40.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596588/; classtype:trojan-activity;sid:84459688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"31.59.40.138"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596585/; classtype:trojan-activity;sid:84459685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.134.222.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596586/; classtype:trojan-activity;sid:84459686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"196.251.88.45"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596584/; classtype:trojan-activity;sid:84459684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.201.75.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596582/; classtype:trojan-activity;sid:84459682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"34.10.19.251"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596583/; classtype:trojan-activity;sid:84459683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.232.66.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596581/; classtype:trojan-activity;sid:84459681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.173.138.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596580/; classtype:trojan-activity;sid:84459680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.44.123.73"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596579/; classtype:trojan-activity;sid:84459679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.7.143.12"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596577/; classtype:trojan-activity;sid:84459677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.75.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596578/; classtype:trojan-activity;sid:84459678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.65.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596576/; classtype:trojan-activity;sid:84459676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.54.146.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596574/; classtype:trojan-activity;sid:84459674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.44.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596575/; classtype:trojan-activity;sid:84459675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.218.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596573/; classtype:trojan-activity;sid:84459673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.254.35.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596572/; classtype:trojan-activity;sid:84459672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.155.155.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596565/; classtype:trojan-activity;sid:84459665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.169.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596566/; classtype:trojan-activity;sid:84459666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"27.74.88.53"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596567/; classtype:trojan-activity;sid:84459667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.91.236"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596568/; classtype:trojan-activity;sid:84459668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"27.74.88.53"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596569/; classtype:trojan-activity;sid:84459669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.185.164.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596570/; classtype:trojan-activity;sid:84459670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.240.206.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596571/; classtype:trojan-activity;sid:84459671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.178.192"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596561/; classtype:trojan-activity;sid:84459661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.125.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596562/; classtype:trojan-activity;sid:84459662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.125.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596563/; classtype:trojan-activity;sid:84459663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.125.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596564/; classtype:trojan-activity;sid:84459664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.167.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596560/; classtype:trojan-activity;sid:84459660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.62.170"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596558/; classtype:trojan-activity;sid:84459658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoareyou/dwajiow/dopenewsman/wewe13.johnsmith"; depth:47; endswith; nocase; http.host; content:"147.185.221.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596559/; classtype:trojan-activity;sid:84459659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cars.sh"; depth:8; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596557/; classtype:trojan-activity;sid:84459657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86new.sh"; depth:10; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596554/; classtype:trojan-activity;sid:84459654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wigga.sh"; depth:9; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596555/; classtype:trojan-activity;sid:84459655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgain.sh"; depth:9; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596556/; classtype:trojan-activity;sid:84459656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.129.73"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596553/; classtype:trojan-activity;sid:84459653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.5.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596552/; classtype:trojan-activity;sid:84459652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.81.16"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596551/; classtype:trojan-activity;sid:84459651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.113.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596550/; classtype:trojan-activity;sid:84459650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.29.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596549/; classtype:trojan-activity;sid:84459649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.250.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596548/; classtype:trojan-activity;sid:84459648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.240.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596547/; classtype:trojan-activity;sid:84459647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.26.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596546/; classtype:trojan-activity;sid:84459646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.255.232.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596545/; classtype:trojan-activity;sid:84459645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.181.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596544/; classtype:trojan-activity;sid:84459644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.128.51"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596543/; classtype:trojan-activity;sid:84459643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.184.212"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596542/; classtype:trojan-activity;sid:84459642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.240.238"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596541/; classtype:trojan-activity;sid:84459641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596540/; classtype:trojan-activity;sid:84459640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.133.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596539/; classtype:trojan-activity;sid:84459639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.10.132.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596538/; classtype:trojan-activity;sid:84459638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.154.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596537/; classtype:trojan-activity;sid:84459637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.106.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596536/; classtype:trojan-activity;sid:84459636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.22.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596535/; classtype:trojan-activity;sid:84459635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.242.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596534/; classtype:trojan-activity;sid:84459634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.154.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596533/; classtype:trojan-activity;sid:84459633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.121.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596532/; classtype:trojan-activity;sid:84459632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.190.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596531/; classtype:trojan-activity;sid:84459631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.121.119"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596530/; classtype:trojan-activity;sid:84459630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.38.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596528/; classtype:trojan-activity;sid:84459628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.190.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596529/; classtype:trojan-activity;sid:84459629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.78.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596527/; classtype:trojan-activity;sid:84459627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.78.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596526/; classtype:trojan-activity;sid:84459626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.129.180.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596519/; classtype:trojan-activity;sid:84459619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596520/; classtype:trojan-activity;sid:84459620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596521/; classtype:trojan-activity;sid:84459621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596522/; classtype:trojan-activity;sid:84459622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596523/; classtype:trojan-activity;sid:84459623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596524/; classtype:trojan-activity;sid:84459624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.140.25"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596525/; classtype:trojan-activity;sid:84459625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"89.42.88.241"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596518/; classtype:trojan-activity;sid:84459618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.0.48.83"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596517/; classtype:trojan-activity;sid:84459617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.232"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596516/; classtype:trojan-activity;sid:84459616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596512/; classtype:trojan-activity;sid:84459612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"139.59.106.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596513/; classtype:trojan-activity;sid:84459613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.13.82"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596514/; classtype:trojan-activity;sid:84459614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.0.48.83"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596515/; classtype:trojan-activity;sid:84459615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.65.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596511/; classtype:trojan-activity;sid:84459611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.166.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596510/; classtype:trojan-activity;sid:84459610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.169.92"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596509/; classtype:trojan-activity;sid:84459609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.192.2"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596508/; classtype:trojan-activity;sid:84459608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.166.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596507/; classtype:trojan-activity;sid:84459607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.65.180"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596506/; classtype:trojan-activity;sid:84459606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.122.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596505/; classtype:trojan-activity;sid:84459605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.238.63"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596504/; classtype:trojan-activity;sid:84459604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.144.108"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596503/; classtype:trojan-activity;sid:84459603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.242.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596502/; classtype:trojan-activity;sid:84459602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.113.232"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596501/; classtype:trojan-activity;sid:84459601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.157.206"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596500/; classtype:trojan-activity;sid:84459600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596499/; classtype:trojan-activity;sid:84459599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.144.108"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596498/; classtype:trojan-activity;sid:84459598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.169.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596497/; classtype:trojan-activity;sid:84459597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.113.232"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596496/; classtype:trojan-activity;sid:84459596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/olyh2twz/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596495/; classtype:trojan-activity;sid:84459595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/0t2w3g4z/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596494/; classtype:trojan-activity;sid:84459594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/x9dugljb"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596493/; classtype:trojan-activity;sid:84459593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596492/; classtype:trojan-activity;sid:84459592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130/wemadesomebestthingswithbetterattitudeforhere.vbs"; depth:54; endswith; nocase; http.host; content:"146.185.239.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596491/; classtype:trojan-activity;sid:84459591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diamo/data.php"; depth:15; endswith; nocase; http.host; content:"77.90.153.62"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596490/; classtype:trojan-activity;sid:84459590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/uk.js"; depth:10; endswith; nocase; http.host; content:"104.168.70.164"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596489/; classtype:trojan-activity;sid:84459589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arc"; depth:15; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596486/; classtype:trojan-activity;sid:84459586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.x86"; depth:15; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596487/; classtype:trojan-activity;sid:84459587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596488/; classtype:trojan-activity;sid:84459588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596485/; classtype:trojan-activity;sid:84459585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.x86_64"; depth:18; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596471/; classtype:trojan-activity;sid:84459571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/debug"; depth:11; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596472/; classtype:trojan-activity;sid:84459572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.spc"; depth:15; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596473/; classtype:trojan-activity;sid:84459573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.mips"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596474/; classtype:trojan-activity;sid:84459574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.arm"; depth:12; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596475/; classtype:trojan-activity;sid:84459575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm6"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596476/; classtype:trojan-activity;sid:84459576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o.xml"; depth:11; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596477/; classtype:trojan-activity;sid:84459577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.arm5"; depth:13; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596478/; classtype:trojan-activity;sid:84459578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm5"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596479/; classtype:trojan-activity;sid:84459579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.m68k"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596480/; classtype:trojan-activity;sid:84459580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.mips"; depth:13; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596481/; classtype:trojan-activity;sid:84459581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.ppc"; depth:15; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596482/; classtype:trojan-activity;sid:84459582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm7"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596483/; classtype:trojan-activity;sid:84459583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.sh4"; depth:15; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596484/; classtype:trojan-activity;sid:84459584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.arm"; depth:15; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596470/; classtype:trojan-activity;sid:84459570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.mpsl"; depth:23; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596469/; classtype:trojan-activity;sid:84459569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.ppc"; depth:12; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596468/; classtype:trojan-activity;sid:84459568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.i686"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596465/; classtype:trojan-activity;sid:84459565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.spc"; depth:22; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596466/; classtype:trojan-activity;sid:84459566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/morte.mpsl"; depth:16; endswith; nocase; http.host; content:"176.65.148.100"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596467/; classtype:trojan-activity;sid:84459567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.txt"; depth:6; endswith; nocase; http.host; content:"172.82.91.52"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596463/; classtype:trojan-activity;sid:84459563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.m68k"; depth:23; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596464/; classtype:trojan-activity;sid:84459564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.sh4"; depth:22; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596459/; classtype:trojan-activity;sid:84459559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.94.15"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596460/; classtype:trojan-activity;sid:84459560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.arm"; depth:22; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596461/; classtype:trojan-activity;sid:84459561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.m68k"; depth:13; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596462/; classtype:trojan-activity;sid:84459562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.arm7"; depth:23; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596454/; classtype:trojan-activity;sid:84459554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.x86_64"; depth:25; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596455/; classtype:trojan-activity;sid:84459555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.arm6"; depth:13; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596456/; classtype:trojan-activity;sid:84459556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.x86"; depth:12; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596457/; classtype:trojan-activity;sid:84459557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/k5m5otze/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596458/; classtype:trojan-activity;sid:84459558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.x86"; depth:22; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596447/; classtype:trojan-activity;sid:84459547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.sh"; depth:5; endswith; nocase; http.host; content:"172.82.91.52"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596448/; classtype:trojan-activity;sid:84459548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.spc"; depth:12; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596449/; classtype:trojan-activity;sid:84459549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.x86_64"; depth:15; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596450/; classtype:trojan-activity;sid:84459550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.arm7"; depth:13; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596451/; classtype:trojan-activity;sid:84459551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.sh4"; depth:12; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596452/; classtype:trojan-activity;sid:84459552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hi.mpsl"; depth:13; endswith; nocase; http.host; content:"77.110.113.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596453/; classtype:trojan-activity;sid:84459553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.arm5"; depth:23; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596443/; classtype:trojan-activity;sid:84459543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.ppc"; depth:22; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596444/; classtype:trojan-activity;sid:84459544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.arm6"; depth:23; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596445/; classtype:trojan-activity;sid:84459545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kernaldriver.mips"; depth:23; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596446/; classtype:trojan-activity;sid:84459546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596441/; classtype:trojan-activity;sid:84459541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596442/; classtype:trojan-activity;sid:84459542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596440/; classtype:trojan-activity;sid:84459540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.177.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596439/; classtype:trojan-activity;sid:84459539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.253.115"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596438/; classtype:trojan-activity;sid:84459538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7717483630/npdtxr4.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596436/; classtype:trojan-activity;sid:84459536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1323113534/4jiptsg.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596437/; classtype:trojan-activity;sid:84459537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1728279516/bsjfeca.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596432/; classtype:trojan-activity;sid:84459532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1728279516/sxrbjau.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596433/; classtype:trojan-activity;sid:84459533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1728279516/sxrbjau.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596434/; classtype:trojan-activity;sid:84459534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1728279516/bsjfeca.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596435/; classtype:trojan-activity;sid:84459535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.46.130"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596431/; classtype:trojan-activity;sid:84459531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.106.178"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596430/; classtype:trojan-activity;sid:84459530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.110.201"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596429/; classtype:trojan-activity;sid:84459529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.46.130"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596428/; classtype:trojan-activity;sid:84459528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.52.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596427/; classtype:trojan-activity;sid:84459527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.83.163.46"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596426/; classtype:trojan-activity;sid:84459526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.181.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596425/; classtype:trojan-activity;sid:84459525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.130.191.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596424/; classtype:trojan-activity;sid:84459524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.96.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596423/; classtype:trojan-activity;sid:84459523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.130.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596422/; classtype:trojan-activity;sid:84459522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.123.232"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596421/; classtype:trojan-activity;sid:84459521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596420/; classtype:trojan-activity;sid:84459520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.181.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596419/; classtype:trojan-activity;sid:84459519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.96.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596418/; classtype:trojan-activity;sid:84459518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.129.180.83"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596417/; classtype:trojan-activity;sid:84459517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.111.130.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596416/; classtype:trojan-activity;sid:84459516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.123.232"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596415/; classtype:trojan-activity;sid:84459515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596414/; classtype:trojan-activity;sid:84459514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596413/; classtype:trojan-activity;sid:84459513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.16.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596412/; classtype:trojan-activity;sid:84459512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.184.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596411/; classtype:trojan-activity;sid:84459511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596410/; classtype:trojan-activity;sid:84459510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.42.19.245"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596409/; classtype:trojan-activity;sid:84459509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.184.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596408/; classtype:trojan-activity;sid:84459508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.103.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596407/; classtype:trojan-activity;sid:84459507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.223.164"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596406/; classtype:trojan-activity;sid:84459506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.22.140"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596405/; classtype:trojan-activity;sid:84459505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.3.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596404/; classtype:trojan-activity;sid:84459504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.118.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596403/; classtype:trojan-activity;sid:84459503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596402/; classtype:trojan-activity;sid:84459502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.118.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596401/; classtype:trojan-activity;sid:84459501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.204.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596400/; classtype:trojan-activity;sid:84459500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.203.124"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596399/; classtype:trojan-activity;sid:84459499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.114.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596398/; classtype:trojan-activity;sid:84459498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.129.62"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596396/; classtype:trojan-activity;sid:84459496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.252.100"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596397/; classtype:trojan-activity;sid:84459497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86.sh"; depth:7; endswith; nocase; http.host; content:"23.146.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596395/; classtype:trojan-activity;sid:84459495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596394/; classtype:trojan-activity;sid:84459494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.74.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596393/; classtype:trojan-activity;sid:84459493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.204.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596392/; classtype:trojan-activity;sid:84459492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.100.121.238"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596391/; classtype:trojan-activity;sid:84459491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.100.121.238"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596390/; classtype:trojan-activity;sid:84459490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.253.115"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596389/; classtype:trojan-activity;sid:84459489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.78.202"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596388/; classtype:trojan-activity;sid:84459488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.75.199"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596387/; classtype:trojan-activity;sid:84459487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.31.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596386/; classtype:trojan-activity;sid:84459486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.179.56"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596385/; classtype:trojan-activity;sid:84459485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.78.202"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596384/; classtype:trojan-activity;sid:84459484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.31.254"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596383/; classtype:trojan-activity;sid:84459483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.75.199"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596382/; classtype:trojan-activity;sid:84459482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.249.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596381/; classtype:trojan-activity;sid:84459481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.19.187"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596380/; classtype:trojan-activity;sid:84459480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.249.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596379/; classtype:trojan-activity;sid:84459479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_spc"; depth:9; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596378/; classtype:trojan-activity;sid:84459478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.81.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596377/; classtype:trojan-activity;sid:84459477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.49.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596376/; classtype:trojan-activity;sid:84459476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.89.137"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596375/; classtype:trojan-activity;sid:84459475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.93.81.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596374/; classtype:trojan-activity;sid:84459474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.49.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596373/; classtype:trojan-activity;sid:84459473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.247.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596372/; classtype:trojan-activity;sid:84459472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.168.213.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596371/; classtype:trojan-activity;sid:84459471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.40.66.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596370/; classtype:trojan-activity;sid:84459470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.89.137"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596369/; classtype:trojan-activity;sid:84459469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.76.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596368/; classtype:trojan-activity;sid:84459468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.132.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596367/; classtype:trojan-activity;sid:84459467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.247.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596366/; classtype:trojan-activity;sid:84459466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.247.198"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596365/; classtype:trojan-activity;sid:84459465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.241.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596364/; classtype:trojan-activity;sid:84459464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.40.66.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596363/; classtype:trojan-activity;sid:84459463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.185.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596362/; classtype:trojan-activity;sid:84459462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.224.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596361/; classtype:trojan-activity;sid:84459461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.247.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596360/; classtype:trojan-activity;sid:84459460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.132.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596359/; classtype:trojan-activity;sid:84459459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugjgup.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596358/; classtype:trojan-activity;sid:84459458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596357/; classtype:trojan-activity;sid:84459457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596356/; classtype:trojan-activity;sid:84459456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596354/; classtype:trojan-activity;sid:84459454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596355/; classtype:trojan-activity;sid:84459455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rwa682.rar"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596353/; classtype:trojan-activity;sid:84459453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596352/; classtype:trojan-activity;sid:84459452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596351/; classtype:trojan-activity;sid:84459451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596346/; classtype:trojan-activity;sid:84459446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596347/; classtype:trojan-activity;sid:84459447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596348/; classtype:trojan-activity;sid:84459448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596349/; classtype:trojan-activity;sid:84459449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"xdxd.hoangmaidong.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596350/; classtype:trojan-activity;sid:84459450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596345/; classtype:trojan-activity;sid:84459445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596342/; classtype:trojan-activity;sid:84459442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596343/; classtype:trojan-activity;sid:84459443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596344/; classtype:trojan-activity;sid:84459444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596336/; classtype:trojan-activity;sid:84459436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596337/; classtype:trojan-activity;sid:84459437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596338/; classtype:trojan-activity;sid:84459438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596339/; classtype:trojan-activity;sid:84459439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596340/; classtype:trojan-activity;sid:84459440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596341/; classtype:trojan-activity;sid:84459441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.224.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596330/; classtype:trojan-activity;sid:84459430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.72.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596331/; classtype:trojan-activity;sid:84459431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.209.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596332/; classtype:trojan-activity;sid:84459432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596333/; classtype:trojan-activity;sid:84459433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.226.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596334/; classtype:trojan-activity;sid:84459434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596335/; classtype:trojan-activity;sid:84459435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596325/; classtype:trojan-activity;sid:84459425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596326/; classtype:trojan-activity;sid:84459426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596327/; classtype:trojan-activity;sid:84459427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596328/; classtype:trojan-activity;sid:84459428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596329/; classtype:trojan-activity;sid:84459429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx"; depth:3; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596323/; classtype:trojan-activity;sid:84459423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx"; depth:3; endswith; nocase; http.host; content:"v2202507289248365122.bestsrv.de"; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596324/; classtype:trojan-activity;sid:84459424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596322/; classtype:trojan-activity;sid:84459422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596321/; classtype:trojan-activity;sid:84459421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596316/; classtype:trojan-activity;sid:84459416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596317/; classtype:trojan-activity;sid:84459417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596318/; classtype:trojan-activity;sid:84459418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596319/; classtype:trojan-activity;sid:84459419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"www.vpsx64.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596320/; classtype:trojan-activity;sid:84459420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596315/; classtype:trojan-activity;sid:84459415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596306/; classtype:trojan-activity;sid:84459406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596307/; classtype:trojan-activity;sid:84459407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596308/; classtype:trojan-activity;sid:84459408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596309/; classtype:trojan-activity;sid:84459409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596310/; classtype:trojan-activity;sid:84459410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596311/; classtype:trojan-activity;sid:84459411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596312/; classtype:trojan-activity;sid:84459412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596313/; classtype:trojan-activity;sid:84459413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596314/; classtype:trojan-activity;sid:84459414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.4.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596305/; classtype:trojan-activity;sid:84459405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.31.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596304/; classtype:trojan-activity;sid:84459404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.72.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596303/; classtype:trojan-activity;sid:84459403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.39.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596302/; classtype:trojan-activity;sid:84459402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.143.67"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596301/; classtype:trojan-activity;sid:84459401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ddpzz.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596300/; classtype:trojan-activity;sid:84459400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache"; depth:6; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596299/; classtype:trojan-activity;sid:84459399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i686"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596296/; classtype:trojan-activity;sid:84459396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arc"; depth:33; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596297/; classtype:trojan-activity;sid:84459397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.ppc"; depth:33; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596298/; classtype:trojan-activity;sid:84459398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.m68k"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596290/; classtype:trojan-activity;sid:84459390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm"; depth:33; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596291/; classtype:trojan-activity;sid:84459391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86_64"; depth:36; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596292/; classtype:trojan-activity;sid:84459392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.sh4"; depth:33; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596293/; classtype:trojan-activity;sid:84459393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm6"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596294/; classtype:trojan-activity;sid:84459394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mpsl"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596295/; classtype:trojan-activity;sid:84459395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm7"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596289/; classtype:trojan-activity;sid:84459389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm5"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596284/; classtype:trojan-activity;sid:84459384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mips"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596285/; classtype:trojan-activity;sid:84459385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i486"; depth:34; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596286/; classtype:trojan-activity;sid:84459386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.spc"; depth:33; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596287/; classtype:trojan-activity;sid:84459387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86"; depth:33; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596288/; classtype:trojan-activity;sid:84459388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.31.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596283/; classtype:trojan-activity;sid:84459383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.7.12"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596282/; classtype:trojan-activity;sid:84459382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kx63at.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596281/; classtype:trojan-activity;sid:84459381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0x83911d24fx.sh"; depth:16; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596280/; classtype:trojan-activity;sid:84459380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596279/; classtype:trojan-activity;sid:84459379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.57.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596278/; classtype:trojan-activity;sid:84459378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm5"; depth:17; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596277/; classtype:trojan-activity;sid:84459377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.m68k"; depth:17; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596276/; classtype:trojan-activity;sid:84459376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86"; depth:16; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596269/; classtype:trojan-activity;sid:84459369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mips"; depth:17; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596270/; classtype:trojan-activity;sid:84459370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm6"; depth:17; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596271/; classtype:trojan-activity;sid:84459371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm7"; depth:17; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596272/; classtype:trojan-activity;sid:84459372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.sh4"; depth:16; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596273/; classtype:trojan-activity;sid:84459373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.ppc"; depth:16; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596274/; classtype:trojan-activity;sid:84459374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mpsl"; depth:17; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596275/; classtype:trojan-activity;sid:84459375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86_64"; depth:19; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596266/; classtype:trojan-activity;sid:84459366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596267/; classtype:trojan-activity;sid:84459367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.spc"; depth:16; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596268/; classtype:trojan-activity;sid:84459368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm"; depth:16; endswith; nocase; http.host; content:"sbd.hoangmaidong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596265/; classtype:trojan-activity;sid:84459365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.217.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596264/; classtype:trojan-activity;sid:84459364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.247.210.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596263/; classtype:trojan-activity;sid:84459363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.57.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596262/; classtype:trojan-activity;sid:84459362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.168.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596261/; classtype:trojan-activity;sid:84459361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.217.180"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596260/; classtype:trojan-activity;sid:84459360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.183.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596259/; classtype:trojan-activity;sid:84459359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.136.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596258/; classtype:trojan-activity;sid:84459358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.121.210"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596257/; classtype:trojan-activity;sid:84459357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.227.247.29"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596256/; classtype:trojan-activity;sid:84459356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596252/; classtype:trojan-activity;sid:84459352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.229.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596253/; classtype:trojan-activity;sid:84459353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.39.211"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596254/; classtype:trojan-activity;sid:84459354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.72.57"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596255/; classtype:trojan-activity;sid:84459355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596251/; classtype:trojan-activity;sid:84459351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.183.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596249/; classtype:trojan-activity;sid:84459349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.168.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596250/; classtype:trojan-activity;sid:84459350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.130.184"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596248/; classtype:trojan-activity;sid:84459348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.42.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596247/; classtype:trojan-activity;sid:84459347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.136.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596246/; classtype:trojan-activity;sid:84459346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596245/; classtype:trojan-activity;sid:84459345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.39.254"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596244/; classtype:trojan-activity;sid:84459344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.130"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596243/; classtype:trojan-activity;sid:84459343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.181.226.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596242/; classtype:trojan-activity;sid:84459342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.18.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596241/; classtype:trojan-activity;sid:84459341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.205.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596240/; classtype:trojan-activity;sid:84459340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.81.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596239/; classtype:trojan-activity;sid:84459339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.178.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596238/; classtype:trojan-activity;sid:84459338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.50.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596237/; classtype:trojan-activity;sid:84459337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.77.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596235/; classtype:trojan-activity;sid:84459335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5757081280/llscamo.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596236/; classtype:trojan-activity;sid:84459336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.50.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596234/; classtype:trojan-activity;sid:84459334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/red.mp4"; depth:8; endswith; nocase; http.host; content:"kriez.work"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596233/; classtype:trojan-activity;sid:84459333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/setup0408.pdf"; depth:19; endswith; nocase; http.host; content:"myprojectdocs.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596232/; classtype:trojan-activity;sid:84459332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.181.226.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596231/; classtype:trojan-activity;sid:84459331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.178.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596230/; classtype:trojan-activity;sid:84459330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130/esee/wemadesomebestthingswithbetterattitudeforhere________wemadesomebestthingswithbetterattitudeforhere________wemadesomebestthingswithbetterattitudeforhere.doc"; depth:165; endswith; nocase; http.host; content:"146.185.239.57"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596229/; classtype:trojan-activity;sid:84459329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.205.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596228/; classtype:trojan-activity;sid:84459328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7gusn/raw"; depth:10; endswith; nocase; http.host; content:"dpaste.org"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596227/; classtype:trojan-activity;sid:84459327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hpaap/raw"; depth:10; endswith; nocase; http.host; content:"dpaste.org"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596226/; classtype:trojan-activity;sid:84459326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6199079274/qp0wpkm.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596224/; classtype:trojan-activity;sid:84459324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.68.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596223/; classtype:trojan-activity;sid:84459323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.77.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596222/; classtype:trojan-activity;sid:84459322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.40.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596221/; classtype:trojan-activity;sid:84459321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596220/; classtype:trojan-activity;sid:84459320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.165.226"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596219/; classtype:trojan-activity;sid:84459319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596218/; classtype:trojan-activity;sid:84459318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596217/; classtype:trojan-activity;sid:84459317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596211/; classtype:trojan-activity;sid:84459311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596212/; classtype:trojan-activity;sid:84459312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596213/; classtype:trojan-activity;sid:84459313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596214/; classtype:trojan-activity;sid:84459314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596215/; classtype:trojan-activity;sid:84459315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596216/; classtype:trojan-activity;sid:84459316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596206/; classtype:trojan-activity;sid:84459306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596207/; classtype:trojan-activity;sid:84459307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596208/; classtype:trojan-activity;sid:84459308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596209/; classtype:trojan-activity;sid:84459309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"45.137.20.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596210/; classtype:trojan-activity;sid:84459310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.163.243.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596205/; classtype:trojan-activity;sid:84459305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.246.45"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596204/; classtype:trojan-activity;sid:84459304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.111.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596203/; classtype:trojan-activity;sid:84459303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.18.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596202/; classtype:trojan-activity;sid:84459302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.40.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596201/; classtype:trojan-activity;sid:84459301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.165.226"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596200/; classtype:trojan-activity;sid:84459300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596199/; classtype:trojan-activity;sid:84459299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.45.74"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596198/; classtype:trojan-activity;sid:84459298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.246.45"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596197/; classtype:trojan-activity;sid:84459297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.8.172"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596196/; classtype:trojan-activity;sid:84459296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.217.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596195/; classtype:trojan-activity;sid:84459295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.248"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596194/; classtype:trojan-activity;sid:84459294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.8.172"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596193/; classtype:trojan-activity;sid:84459293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.1.121"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596192/; classtype:trojan-activity;sid:84459292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.111.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596191/; classtype:trojan-activity;sid:84459291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.217.9"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596190/; classtype:trojan-activity;sid:84459290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.69.158.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596189/; classtype:trojan-activity;sid:84459289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.248"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596188/; classtype:trojan-activity;sid:84459288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.239.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596187/; classtype:trojan-activity;sid:84459287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.109.128"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596186/; classtype:trojan-activity;sid:84459286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.183.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596185/; classtype:trojan-activity;sid:84459285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.109.128"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596184/; classtype:trojan-activity;sid:84459284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.103.81"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596183/; classtype:trojan-activity;sid:84459283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.9.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596182/; classtype:trojan-activity;sid:84459282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.103.81"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596181/; classtype:trojan-activity;sid:84459281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.187.82.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596180/; classtype:trojan-activity;sid:84459280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.114.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596179/; classtype:trojan-activity;sid:84459279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.30.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596178/; classtype:trojan-activity;sid:84459278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.9.194"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596177/; classtype:trojan-activity;sid:84459277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi"; depth:34; endswith; nocase; http.host; content:"wakilamakila.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596176/; classtype:trojan-activity;sid:84459276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.82.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596175/; classtype:trojan-activity;sid:84459275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7154568111/71ye3u9.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596174/; classtype:trojan-activity;sid:84459274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.104.6"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596173/; classtype:trojan-activity;sid:84459273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.147.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596172/; classtype:trojan-activity;sid:84459272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.163.243.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596169/; classtype:trojan-activity;sid:84459269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.248.8.122"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596170/; classtype:trojan-activity;sid:84459270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.240.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596171/; classtype:trojan-activity;sid:84459271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.118.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596168/; classtype:trojan-activity;sid:84459268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.43.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596167/; classtype:trojan-activity;sid:84459267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.60.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596166/; classtype:trojan-activity;sid:84459266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.104.6"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596165/; classtype:trojan-activity;sid:84459265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/auths0//booking102.7z"; depth:47; endswith; nocase; http.host; content:"fnvimoyvwkbxbmczlqus.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596163/; classtype:trojan-activity;sid:84459263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/js/invoice.bat"; depth:24; endswith; nocase; http.host; content:"www.vastkupan.com"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596164/; classtype:trojan-activity;sid:84459264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.60.203"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596162/; classtype:trojan-activity;sid:84459262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.235.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596161/; classtype:trojan-activity;sid:84459261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.69.158.79"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596160/; classtype:trojan-activity;sid:84459260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/pjwjuwof/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596159/; classtype:trojan-activity;sid:84459259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64/64thservice.exe"; depth:19; endswith; nocase; http.host; content:"99.237.150.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596158/; classtype:trojan-activity;sid:84459258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5638395652/29tpnr0.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596157/; classtype:trojan-activity;sid:84459257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5254702106/p62zojm.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596155/; classtype:trojan-activity;sid:84459255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idkrwerwre-main/runtimebroker.exe"; depth:34; endswith; nocase; http.host; content:"99.237.150.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596156/; classtype:trojan-activity;sid:84459256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.160.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596154/; classtype:trojan-activity;sid:84459254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.71.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596153/; classtype:trojan-activity;sid:84459253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.185.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596152/; classtype:trojan-activity;sid:84459252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/map.zip"; depth:8; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596151/; classtype:trojan-activity;sid:84459251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stark.zip"; depth:10; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596150/; classtype:trojan-activity;sid:84459250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.71.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596149/; classtype:trojan-activity;sid:84459249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shopify.bat"; depth:12; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596147/; classtype:trojan-activity;sid:84459247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swap.bat"; depth:9; endswith; nocase; http.host; content:"45.83.28.115"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596148/; classtype:trojan-activity;sid:84459248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.106.144.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596145/; classtype:trojan-activity;sid:84459245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"206.119.172.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596146/; classtype:trojan-activity;sid:84459246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.43.179.233"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596142/; classtype:trojan-activity;sid:84459242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.97.118.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596143/; classtype:trojan-activity;sid:84459243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.90.37.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596144/; classtype:trojan-activity;sid:84459244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.134.9.57"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596138/; classtype:trojan-activity;sid:84459238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.139.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596139/; classtype:trojan-activity;sid:84459239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.102.87.217"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596140/; classtype:trojan-activity;sid:84459240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.139.175"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596141/; classtype:trojan-activity;sid:84459241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.51.34.56"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596137/; classtype:trojan-activity;sid:84459237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.163.235"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596136/; classtype:trojan-activity;sid:84459236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.91.136.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596130/; classtype:trojan-activity;sid:84459230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"101.168.18.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596131/; classtype:trojan-activity;sid:84459231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.170.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596132/; classtype:trojan-activity;sid:84459232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.138.38"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596133/; classtype:trojan-activity;sid:84459233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.235.233.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596134/; classtype:trojan-activity;sid:84459234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.138.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596135/; classtype:trojan-activity;sid:84459235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.19.47.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596122/; classtype:trojan-activity;sid:84459222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.157.28.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596123/; classtype:trojan-activity;sid:84459223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.167.65.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596124/; classtype:trojan-activity;sid:84459224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.22.226.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596125/; classtype:trojan-activity;sid:84459225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.22.226.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596126/; classtype:trojan-activity;sid:84459226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596127/; classtype:trojan-activity;sid:84459227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.254.37.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596128/; classtype:trojan-activity;sid:84459228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.185.209.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596129/; classtype:trojan-activity;sid:84459229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.5.179.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596120/; classtype:trojan-activity;sid:84459220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.148.216"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596121/; classtype:trojan-activity;sid:84459221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.184.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596119/; classtype:trojan-activity;sid:84459219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.37.181"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596118/; classtype:trojan-activity;sid:84459218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.184.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596117/; classtype:trojan-activity;sid:84459217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.224.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596116/; classtype:trojan-activity;sid:84459216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.184.218"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596115/; classtype:trojan-activity;sid:84459215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.37.181"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596114/; classtype:trojan-activity;sid:84459214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.184.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596113/; classtype:trojan-activity;sid:84459213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.111.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596112/; classtype:trojan-activity;sid:84459212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.224.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596111/; classtype:trojan-activity;sid:84459211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.123.145.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596110/; classtype:trojan-activity;sid:84459210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596109/; classtype:trojan-activity;sid:84459209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.153.144.112"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596108/; classtype:trojan-activity;sid:84459208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.60.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596107/; classtype:trojan-activity;sid:84459207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.84.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596105/; classtype:trojan-activity;sid:84459205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.188.221"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596106/; classtype:trojan-activity;sid:84459206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.197.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596104/; classtype:trojan-activity;sid:84459204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.106.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596103/; classtype:trojan-activity;sid:84459203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64/67.exe"; depth:10; endswith; nocase; http.host; content:"99.237.150.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596102/; classtype:trojan-activity;sid:84459202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/free.exe"; depth:14; endswith; nocase; http.host; content:"99.237.150.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596101/; classtype:trojan-activity;sid:84459201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596099/; classtype:trojan-activity;sid:84459199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1323113534/lbzdp1l.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596100/; classtype:trojan-activity;sid:84459200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.169.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596097/; classtype:trojan-activity;sid:84459197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.70.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596096/; classtype:trojan-activity;sid:84459196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1323113534/lbzdp1l.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596095/; classtype:trojan-activity;sid:84459195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596094/; classtype:trojan-activity;sid:84459194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.30.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596093/; classtype:trojan-activity;sid:84459193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.7.12"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596092/; classtype:trojan-activity;sid:84459192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.7.120"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596091/; classtype:trojan-activity;sid:84459191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.3.185"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596090/; classtype:trojan-activity;sid:84459190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.17.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596089/; classtype:trojan-activity;sid:84459189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.68.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596088/; classtype:trojan-activity;sid:84459188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.44.100"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596087/; classtype:trojan-activity;sid:84459187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.168.213.7"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596086/; classtype:trojan-activity;sid:84459186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.17.37"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596085/; classtype:trojan-activity;sid:84459185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"45.141.215.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596084/; classtype:trojan-activity;sid:84459184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.68.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596083/; classtype:trojan-activity;sid:84459183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.179.56"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596082/; classtype:trojan-activity;sid:84459182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.111.243.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596081/; classtype:trojan-activity;sid:84459181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.90.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596080/; classtype:trojan-activity;sid:84459180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.44.100"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596079/; classtype:trojan-activity;sid:84459179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/xwsu8lty"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596078/; classtype:trojan-activity;sid:84459178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.169.183.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596077/; classtype:trojan-activity;sid:84459177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/4c0fgru4/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596076/; classtype:trojan-activity;sid:84459176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/tcexw5zs/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596075/; classtype:trojan-activity;sid:84459175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/knlrwppz/0"; depth:13; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596074/; classtype:trojan-activity;sid:84459174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.32.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596073/; classtype:trojan-activity;sid:84459173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.90.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596072/; classtype:trojan-activity;sid:84459172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.139.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596071/; classtype:trojan-activity;sid:84459171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.166.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596070/; classtype:trojan-activity;sid:84459170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.45.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596069/; classtype:trojan-activity;sid:84459169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.247.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596068/; classtype:trojan-activity;sid:84459168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.125.255"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596067/; classtype:trojan-activity;sid:84459167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.139.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596066/; classtype:trojan-activity;sid:84459166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.32.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596065/; classtype:trojan-activity;sid:84459165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_lrasse_20250718_125421.txt"; depth:37; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596060/; classtype:trojan-activity;sid:84459160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_windowske_20250622_215302.txt"; depth:40; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596061/; classtype:trojan-activity;sid:84459161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_windwosnh_20250704_105704.txt"; depth:40; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596062/; classtype:trojan-activity;sid:84459162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_dashost_20250718_223706.txt"; depth:38; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596063/; classtype:trojan-activity;sid:84459163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_windowsc_20250620_123557.txt"; depth:39; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596064/; classtype:trojan-activity;sid:84459164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_sihost_20250701_131706.txt"; depth:37; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596051/; classtype:trojan-activity;sid:84459151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_svchost_20250607_203302.txt"; depth:38; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596052/; classtype:trojan-activity;sid:84459152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_windowsre_20250622_221446.txt"; depth:40; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596053/; classtype:trojan-activity;sid:84459153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_csrss_20250716_141545.txt"; depth:36; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596054/; classtype:trojan-activity;sid:84459154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_windowslme_20250703_214358.txt"; depth:41; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596055/; classtype:trojan-activity;sid:84459155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_slhosti_20250730_124937.txt"; depth:38; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596056/; classtype:trojan-activity;sid:84459156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_smss_20250607_203207.txt"; depth:35; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596057/; classtype:trojan-activity;sid:84459157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_csrsslsass_20250720_193356.txt"; depth:41; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596058/; classtype:trojan-activity;sid:84459158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protected_smss_20250614_131034.txt"; depth:35; endswith; nocase; http.host; content:"104.233.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596059/; classtype:trojan-activity;sid:84459159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xzdsnmi"; depth:8; endswith; nocase; http.host; content:"bypass287win.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596050/; classtype:trojan-activity;sid:84459150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.45.224"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596049/; classtype:trojan-activity;sid:84459149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.1.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596048/; classtype:trojan-activity;sid:84459148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596047/; classtype:trojan-activity;sid:84459147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.247.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596046/; classtype:trojan-activity;sid:84459146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.172.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596045/; classtype:trojan-activity;sid:84459145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.151.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596044/; classtype:trojan-activity;sid:84459144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.1.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596043/; classtype:trojan-activity;sid:84459143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596042/; classtype:trojan-activity;sid:84459142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.235.247"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596041/; classtype:trojan-activity;sid:84459141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.m68k"; depth:12; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596039/; classtype:trojan-activity;sid:84459139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.spc"; depth:11; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596040/; classtype:trojan-activity;sid:84459140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.119"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596038/; classtype:trojan-activity;sid:84459138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596037/; classtype:trojan-activity;sid:84459137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.211.71"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596036/; classtype:trojan-activity;sid:84459136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596035/; classtype:trojan-activity;sid:84459135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.234.47"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596034/; classtype:trojan-activity;sid:84459134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_2648cddaa8c54f4faa344a44dfb4fdac.txt"; depth:45; endswith; nocase; http.host; content:"dbestgroup.infy.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596033/; classtype:trojan-activity;sid:84459133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_dc4ce368858c4ef7bd2f1464f91e0108.txt"; depth:45; endswith; nocase; http.host; content:"dbestgroup.infy.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596032/; classtype:trojan-activity;sid:84459132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/3juv6sfh"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596031/; classtype:trojan-activity;sid:84459131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/21ma1y6v"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596030/; classtype:trojan-activity;sid:84459130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/tkfwgyfh"; depth:18; endswith; nocase; http.host; content:"pixeldrain.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596029/; classtype:trojan-activity;sid:84459129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.39.150"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596028/; classtype:trojan-activity;sid:84459128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm5"; depth:17; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596022/; classtype:trojan-activity;sid:84459122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.sh4"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596023/; classtype:trojan-activity;sid:84459123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm7"; depth:17; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596024/; classtype:trojan-activity;sid:84459124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.spc"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596025/; classtype:trojan-activity;sid:84459125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86_64"; depth:19; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596026/; classtype:trojan-activity;sid:84459126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.m68k"; depth:17; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596027/; classtype:trojan-activity;sid:84459127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0x83911d24fx.sh"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596021/; classtype:trojan-activity;sid:84459121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.x86"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596016/; classtype:trojan-activity;sid:84459116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596017/; classtype:trojan-activity;sid:84459117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.ppc"; depth:16; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596018/; classtype:trojan-activity;sid:84459118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mips"; depth:17; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596019/; classtype:trojan-activity;sid:84459119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.arm6"; depth:17; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596020/; classtype:trojan-activity;sid:84459120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.10.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596015/; classtype:trojan-activity;sid:84459115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.spc"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596014/; classtype:trojan-activity;sid:84459114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.ppc"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596011/; classtype:trojan-activity;sid:84459111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm7"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596012/; classtype:trojan-activity;sid:84459112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.sh4"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596013/; classtype:trojan-activity;sid:84459113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.586"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596010/; classtype:trojan-activity;sid:84459110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i586"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596001/; classtype:trojan-activity;sid:84459101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i486"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596002/; classtype:trojan-activity;sid:84459102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arc"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596003/; classtype:trojan-activity;sid:84459103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm6"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596004/; classtype:trojan-activity;sid:84459104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm5"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596005/; classtype:trojan-activity;sid:84459105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i686"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596006/; classtype:trojan-activity;sid:84459106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.mpsl"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596007/; classtype:trojan-activity;sid:84459107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.mips"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596008/; classtype:trojan-activity;sid:84459108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.i386"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596009/; classtype:trojan-activity;sid:84459109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595997/; classtype:trojan-activity;sid:84459097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86_64"; depth:19; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595998/; classtype:trojan-activity;sid:84459098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.arm"; depth:16; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595999/; classtype:trojan-activity;sid:84459099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86-debug"; depth:22; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596000/; classtype:trojan-activity;sid:84459100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.m68k"; depth:17; endswith; nocase; http.host; content:"89.213.174.230"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595996/; classtype:trojan-activity;sid:84459096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.139.88"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595995/; classtype:trojan-activity;sid:84459095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/775892292/byndwfn.msi"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595994/; classtype:trojan-activity;sid:84459094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm5"; depth:15; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595991/; classtype:trojan-activity;sid:84459091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6805932958/dwtyrpg.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595992/; classtype:trojan-activity;sid:84459092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.exe"; depth:13; endswith; nocase; http.host; content:"77.110.103.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595993/; classtype:trojan-activity;sid:84459093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7699731621/e8l2dea.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595976/; classtype:trojan-activity;sid:84459076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595977/; classtype:trojan-activity;sid:84459077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atomips"; depth:15; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595978/; classtype:trojan-activity;sid:84459078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm"; depth:14; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595979/; classtype:trojan-activity;sid:84459079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atox64"; depth:14; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595980/; classtype:trojan-activity;sid:84459080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm6"; depth:15; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595981/; classtype:trojan-activity;sid:84459081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atom68k"; depth:15; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595982/; classtype:trojan-activity;sid:84459082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atosh4"; depth:14; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595983/; classtype:trojan-activity;sid:84459083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595984/; classtype:trojan-activity;sid:84459084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/740061926/blgj4g0.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595985/; classtype:trojan-activity;sid:84459085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atospc"; depth:14; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595986/; classtype:trojan-activity;sid:84459086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atompsl"; depth:15; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595987/; classtype:trojan-activity;sid:84459087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atox86"; depth:14; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595988/; classtype:trojan-activity;sid:84459088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoarm7"; depth:15; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595989/; classtype:trojan-activity;sid:84459089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godage3atoppc"; depth:14; endswith; nocase; http.host; content:"83.150.218.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595990/; classtype:trojan-activity;sid:84459090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/985220663/ehq3yau.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595974/; classtype:trojan-activity;sid:84459074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7717483630/15zcvmc.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595975/; classtype:trojan-activity;sid:84459075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/2043702969/2gtnppg.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595971/; classtype:trojan-activity;sid:84459071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6711528129/66ozjb9.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595972/; classtype:trojan-activity;sid:84459072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5638395652/8qpyxzw.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595973/; classtype:trojan-activity;sid:84459073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595970/; classtype:trojan-activity;sid:84459070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.112.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595969/; classtype:trojan-activity;sid:84459069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.16"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595968/; classtype:trojan-activity;sid:84459068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.195.180"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595967/; classtype:trojan-activity;sid:84459067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.99.169"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595966/; classtype:trojan-activity;sid:84459066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.112.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595965/; classtype:trojan-activity;sid:84459065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.16.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595964/; classtype:trojan-activity;sid:84459064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.195.180"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595963/; classtype:trojan-activity;sid:84459063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.191.16.191"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595962/; classtype:trojan-activity;sid:84459062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.45.74"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595961/; classtype:trojan-activity;sid:84459061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.170.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595960/; classtype:trojan-activity;sid:84459060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.140.45.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595959/; classtype:trojan-activity;sid:84459059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.31.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595958/; classtype:trojan-activity;sid:84459058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.140.45.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595957/; classtype:trojan-activity;sid:84459057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.38.3.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595955/; classtype:trojan-activity;sid:84459055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.198.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595956/; classtype:trojan-activity;sid:84459056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.153"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595954/; classtype:trojan-activity;sid:84459054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.241.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595953/; classtype:trojan-activity;sid:84459053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.195.146"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595952/; classtype:trojan-activity;sid:84459052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.31.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595951/; classtype:trojan-activity;sid:84459051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595950/; classtype:trojan-activity;sid:84459050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.255.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595949/; classtype:trojan-activity;sid:84459049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.153"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595948/; classtype:trojan-activity;sid:84459048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.67.209.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595947/; classtype:trojan-activity;sid:84459047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.200"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595946/; classtype:trojan-activity;sid:84459046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.169.183.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595945/; classtype:trojan-activity;sid:84459045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.224.121"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595944/; classtype:trojan-activity;sid:84459044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.50.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595943/; classtype:trojan-activity;sid:84459043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.22.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595942/; classtype:trojan-activity;sid:84459042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.241.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595941/; classtype:trojan-activity;sid:84459041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.67.209.56"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595940/; classtype:trojan-activity;sid:84459040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.56.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595939/; classtype:trojan-activity;sid:84459039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.17.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595937/; classtype:trojan-activity;sid:84459037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.38.78"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595938/; classtype:trojan-activity;sid:84459038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.50.239"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595936/; classtype:trojan-activity;sid:84459036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.149.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595935/; classtype:trojan-activity;sid:84459035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.9.153"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595934/; classtype:trojan-activity;sid:84459034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.246.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595933/; classtype:trojan-activity;sid:84459033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.125.24.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595932/; classtype:trojan-activity;sid:84459032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.17.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595931/; classtype:trojan-activity;sid:84459031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljezs/uytea.mpsl"; depth:17; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595930/; classtype:trojan-activity;sid:84459030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.56.38"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595929/; classtype:trojan-activity;sid:84459029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.9.153"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595928/; classtype:trojan-activity;sid:84459028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.49.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595927/; classtype:trojan-activity;sid:84459027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.139.88"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595926/; classtype:trojan-activity;sid:84459026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.45"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595925/; classtype:trojan-activity;sid:84459025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.49.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595924/; classtype:trojan-activity;sid:84459024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.55.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595923/; classtype:trojan-activity;sid:84459023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.139.88"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595922/; classtype:trojan-activity;sid:84459022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.45"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595921/; classtype:trojan-activity;sid:84459021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.55.190"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595920/; classtype:trojan-activity;sid:84459020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.142.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595919/; classtype:trojan-activity;sid:84459019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3595918/; classtype:trojan-activity;sid:84459018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.197.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595917/; classtype:trojan-activity;sid:84459017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595916/; classtype:trojan-activity;sid:84459016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595915/; classtype:trojan-activity;sid:84459015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.142.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595914/; classtype:trojan-activity;sid:84459014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.108.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595913/; classtype:trojan-activity;sid:84459013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.193.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595912/; classtype:trojan-activity;sid:84459012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.108.250"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595911/; classtype:trojan-activity;sid:84459011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.144.116"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595910/; classtype:trojan-activity;sid:84459010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.141.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595909/; classtype:trojan-activity;sid:84459009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595908/; classtype:trojan-activity;sid:84459008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.193.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595907/; classtype:trojan-activity;sid:84459007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595906/; classtype:trojan-activity;sid:84459006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.0.119"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595905/; classtype:trojan-activity;sid:84459005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.33.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595904/; classtype:trojan-activity;sid:84459004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.232.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595903/; classtype:trojan-activity;sid:84459003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.176.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595902/; classtype:trojan-activity;sid:84459002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.141.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595901/; classtype:trojan-activity;sid:84459001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.33.144"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595900/; classtype:trojan-activity;sid:84459000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.255.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595899/; classtype:trojan-activity;sid:84458999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.127.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595897/; classtype:trojan-activity;sid:84458997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.4.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595898/; classtype:trojan-activity;sid:84458998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.65.15"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595896/; classtype:trojan-activity;sid:84458996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/nda%20signature.lnk"; depth:30; endswith; nocase; http.host; content:"kazino-dengi.top"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595895/; classtype:trojan-activity;sid:84458995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/sign%20nda.lnk"; depth:25; endswith; nocase; http.host; content:"kazino-dengi.top"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595894/; classtype:trojan-activity;sid:84458994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/document%20sign.lnk"; depth:30; endswith; nocase; http.host; content:"kazino-dengi.top"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595893/; classtype:trojan-activity;sid:84458993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595892/; classtype:trojan-activity;sid:84458992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595890/; classtype:trojan-activity;sid:84458990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595891/; classtype:trojan-activity;sid:84458991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595888/; classtype:trojan-activity;sid:84458988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595889/; classtype:trojan-activity;sid:84458989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595886/; classtype:trojan-activity;sid:84458986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.170.245"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595887/; classtype:trojan-activity;sid:84458987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595883/; classtype:trojan-activity;sid:84458983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595884/; classtype:trojan-activity;sid:84458984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595885/; classtype:trojan-activity;sid:84458985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595868/; classtype:trojan-activity;sid:84458968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595869/; classtype:trojan-activity;sid:84458969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595870/; classtype:trojan-activity;sid:84458970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595871/; classtype:trojan-activity;sid:84458971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595872/; classtype:trojan-activity;sid:84458972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595873/; classtype:trojan-activity;sid:84458973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595874/; classtype:trojan-activity;sid:84458974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595875/; classtype:trojan-activity;sid:84458975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"43.142.81.219"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595876/; classtype:trojan-activity;sid:84458976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595877/; classtype:trojan-activity;sid:84458977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595878/; classtype:trojan-activity;sid:84458978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595879/; classtype:trojan-activity;sid:84458979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595880/; classtype:trojan-activity;sid:84458980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595881/; classtype:trojan-activity;sid:84458981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"rhinovate.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595882/; classtype:trojan-activity;sid:84458982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/receipt-tc.lnk"; depth:25; endswith; nocase; http.host; content:"94.156.232.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595867/; classtype:trojan-activity;sid:84458967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/sign%20nda.lnk"; depth:25; endswith; nocase; http.host; content:"147.45.45.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595865/; classtype:trojan-activity;sid:84458965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/document%20sign.lnk"; depth:30; endswith; nocase; http.host; content:"147.45.45.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595866/; classtype:trojan-activity;sid:84458966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.arm7"; depth:12; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595855/; classtype:trojan-activity;sid:84458955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.ppc"; depth:11; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595856/; classtype:trojan-activity;sid:84458956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.arm"; depth:11; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595857/; classtype:trojan-activity;sid:84458957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.mips"; depth:12; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595858/; classtype:trojan-activity;sid:84458958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.arm5"; depth:12; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595859/; classtype:trojan-activity;sid:84458959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.x86"; depth:11; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595860/; classtype:trojan-activity;sid:84458960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.arm6"; depth:12; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595861/; classtype:trojan-activity;sid:84458961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.mpsl"; depth:12; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595862/; classtype:trojan-activity;sid:84458962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.sh4"; depth:11; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595863/; classtype:trojan-activity;sid:84458963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resgod.arc"; depth:11; endswith; nocase; http.host; content:"192.227.134.76"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595864/; classtype:trojan-activity;sid:84458964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"196.251.114.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595850/; classtype:trojan-activity;sid:84458950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"51.44.22.83"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595851/; classtype:trojan-activity;sid:84458951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"111.231.23.22"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595852/; classtype:trojan-activity;sid:84458952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.224.54.133"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595853/; classtype:trojan-activity;sid:84458953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.107.249.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595854/; classtype:trojan-activity;sid:84458954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"172.190.147.123"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595848/; classtype:trojan-activity;sid:84458948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.178.187.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595849/; classtype:trojan-activity;sid:84458949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.248.78.104"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595846/; classtype:trojan-activity;sid:84458946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.15.246.91"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595847/; classtype:trojan-activity;sid:84458947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.181.74.168"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595845/; classtype:trojan-activity;sid:84458945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.28.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595844/; classtype:trojan-activity;sid:84458944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.236.65.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595843/; classtype:trojan-activity;sid:84458943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.239.203.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595841/; classtype:trojan-activity;sid:84458941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.209.118.127"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595842/; classtype:trojan-activity;sid:84458942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.215.199.12"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595829/; classtype:trojan-activity;sid:84458929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.175.253.60"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595830/; classtype:trojan-activity;sid:84458930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.23.171.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595831/; classtype:trojan-activity;sid:84458931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.159.0.251"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595832/; classtype:trojan-activity;sid:84458932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.23.171.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595833/; classtype:trojan-activity;sid:84458933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.16.112.63"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595834/; classtype:trojan-activity;sid:84458934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595835/; classtype:trojan-activity;sid:84458935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.146.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595836/; classtype:trojan-activity;sid:84458936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.197.214.163"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595837/; classtype:trojan-activity;sid:84458937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.236.179.65"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595838/; classtype:trojan-activity;sid:84458938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.18.145.148"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595839/; classtype:trojan-activity;sid:84458939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.116.22"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595840/; classtype:trojan-activity;sid:84458940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"181.200.16.159"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595825/; classtype:trojan-activity;sid:84458925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.242.205.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595826/; classtype:trojan-activity;sid:84458926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.233.184.152"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595827/; classtype:trojan-activity;sid:84458927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.78.154"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595828/; classtype:trojan-activity;sid:84458928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.150.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595821/; classtype:trojan-activity;sid:84458921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595822/; classtype:trojan-activity;sid:84458922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.117.150.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595823/; classtype:trojan-activity;sid:84458923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.47.103.52"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595824/; classtype:trojan-activity;sid:84458924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.130.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595820/; classtype:trojan-activity;sid:84458920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.100.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595819/; classtype:trojan-activity;sid:84458919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.50.50"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595818/; classtype:trojan-activity;sid:84458918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.65.15"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595817/; classtype:trojan-activity;sid:84458917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.50.50"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595816/; classtype:trojan-activity;sid:84458916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.147.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595815/; classtype:trojan-activity;sid:84458915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.34.205.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595814/; classtype:trojan-activity;sid:84458914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.139.105"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595813/; classtype:trojan-activity;sid:84458913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.100.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595812/; classtype:trojan-activity;sid:84458912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.193.170"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595811/; classtype:trojan-activity;sid:84458911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.143.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595810/; classtype:trojan-activity;sid:84458910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.69.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595809/; classtype:trojan-activity;sid:84458909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.190.108.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595808/; classtype:trojan-activity;sid:84458908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.117.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595807/; classtype:trojan-activity;sid:84458907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.147.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595806/; classtype:trojan-activity;sid:84458906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.181.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595805/; classtype:trojan-activity;sid:84458905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.139.105"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595804/; classtype:trojan-activity;sid:84458904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.70.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595803/; classtype:trojan-activity;sid:84458903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"64.227.174.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595802/; classtype:trojan-activity;sid:84458902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.44.135"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595801/; classtype:trojan-activity;sid:84458901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.190.108.2"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595800/; classtype:trojan-activity;sid:84458900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.48.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595799/; classtype:trojan-activity;sid:84458899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.69.105"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595798/; classtype:trojan-activity;sid:84458898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.181.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595797/; classtype:trojan-activity;sid:84458897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.189"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595796/; classtype:trojan-activity;sid:84458896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.239.38"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595795/; classtype:trojan-activity;sid:84458895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.41.6"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595794/; classtype:trojan-activity;sid:84458894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.26.202.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595793/; classtype:trojan-activity;sid:84458893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.239.19"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595792/; classtype:trojan-activity;sid:84458892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.146.247.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595791/; classtype:trojan-activity;sid:84458891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.29.128"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595790/; classtype:trojan-activity;sid:84458890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.189"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595789/; classtype:trojan-activity;sid:84458889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.186.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595788/; classtype:trojan-activity;sid:84458888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.239.19"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595787/; classtype:trojan-activity;sid:84458887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.146.247.197"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595786/; classtype:trojan-activity;sid:84458886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595784/; classtype:trojan-activity;sid:84458884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.29.128"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595785/; classtype:trojan-activity;sid:84458885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595783/; classtype:trojan-activity;sid:84458883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595780/; classtype:trojan-activity;sid:84458880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595781/; classtype:trojan-activity;sid:84458881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595782/; classtype:trojan-activity;sid:84458882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595776/; classtype:trojan-activity;sid:84458876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595777/; classtype:trojan-activity;sid:84458877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595778/; classtype:trojan-activity;sid:84458878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595779/; classtype:trojan-activity;sid:84458879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.189.172"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595775/; classtype:trojan-activity;sid:84458875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595772/; classtype:trojan-activity;sid:84458872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595773/; classtype:trojan-activity;sid:84458873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.225.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595774/; classtype:trojan-activity;sid:84458874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595771/; classtype:trojan-activity;sid:84458871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595770/; classtype:trojan-activity;sid:84458870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595769/; classtype:trojan-activity;sid:84458869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.42.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595768/; classtype:trojan-activity;sid:84458868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.29.225.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595767/; classtype:trojan-activity;sid:84458867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gd3nrr.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595766/; classtype:trojan-activity;sid:84458866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.21.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595765/; classtype:trojan-activity;sid:84458865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595764/; classtype:trojan-activity;sid:84458864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.197.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595763/; classtype:trojan-activity;sid:84458863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterdefender.exe"; depth:20; endswith; nocase; http.host; content:"adobehelp.net"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595762/; classtype:trojan-activity;sid:84458862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xrat25/cliente-csharp-site/raw/refs/heads/main/4774321123565.msi"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595761/; classtype:trojan-activity;sid:84458861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8144544696/xwtpdso.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595757/; classtype:trojan-activity;sid:84458857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7520802261/rnfcljf.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595758/; classtype:trojan-activity;sid:84458858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/izhk99pe22mtaf0wtxm2u/tokorunsetup-1.1.7z|3f|rlkey=3ohe6ku8hjturbezpm0loopkf|7c|26|7c|st=h95xojy5|7c|26|7c|dl=1"; depth:119; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595759/; classtype:trojan-activity;sid:84458859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6394836594/blmi6vt.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595760/; classtype:trojan-activity;sid:84458860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/tnhnzxh.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595756/; classtype:trojan-activity;sid:84458856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs.exe"; depth:7; endswith; nocase; http.host; content:"146.103.115.41"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595755/; classtype:trojan-activity;sid:84458855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.63.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595754/; classtype:trojan-activity;sid:84458854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.60.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595752/; classtype:trojan-activity;sid:84458852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595753/; classtype:trojan-activity;sid:84458853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.21.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595751/; classtype:trojan-activity;sid:84458851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.248.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595750/; classtype:trojan-activity;sid:84458850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.30"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595749/; classtype:trojan-activity;sid:84458849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.64.212"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595748/; classtype:trojan-activity;sid:84458848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.248.99"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595747/; classtype:trojan-activity;sid:84458847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595746/; classtype:trojan-activity;sid:84458846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595745/; classtype:trojan-activity;sid:84458845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.172.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595743/; classtype:trojan-activity;sid:84458843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.220.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595744/; classtype:trojan-activity;sid:84458844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.106.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595742/; classtype:trojan-activity;sid:84458842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.60.69"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595741/; classtype:trojan-activity;sid:84458841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.136.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595740/; classtype:trojan-activity;sid:84458840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.90"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595739/; classtype:trojan-activity;sid:84458839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.220.194"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595738/; classtype:trojan-activity;sid:84458838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.106.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595737/; classtype:trojan-activity;sid:84458837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.238.4"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595736/; classtype:trojan-activity;sid:84458836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.119.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595735/; classtype:trojan-activity;sid:84458835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.119.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595734/; classtype:trojan-activity;sid:84458834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.241.57.95"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595733/; classtype:trojan-activity;sid:84458833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.246.228"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595732/; classtype:trojan-activity;sid:84458832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.125.24.49"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595731/; classtype:trojan-activity;sid:84458831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.167.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595730/; classtype:trojan-activity;sid:84458830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.136.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595728/; classtype:trojan-activity;sid:84458828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.238.4"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595729/; classtype:trojan-activity;sid:84458829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.45.39"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595727/; classtype:trojan-activity;sid:84458827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.74.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595726/; classtype:trojan-activity;sid:84458826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.111.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595725/; classtype:trojan-activity;sid:84458825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.246.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595724/; classtype:trojan-activity;sid:84458824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.175.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595722/; classtype:trojan-activity;sid:84458822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.61.54"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595723/; classtype:trojan-activity;sid:84458823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.227.209.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595721/; classtype:trojan-activity;sid:84458821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.175.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595720/; classtype:trojan-activity;sid:84458820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.177.111"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595719/; classtype:trojan-activity;sid:84458819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.163.147.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595718/; classtype:trojan-activity;sid:84458818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.61.54"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595717/; classtype:trojan-activity;sid:84458817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unrar.exe"; depth:10; endswith; nocase; http.host; content:"178.236.252.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595716/; classtype:trojan-activity;sid:84458816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/nnme/bllh.rar"; depth:19; endswith; nocase; http.host; content:"178.236.252.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595715/; classtype:trojan-activity;sid:84458815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/appz/rinf.rar"; depth:19; endswith; nocase; http.host; content:"178.236.252.252"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595714/; classtype:trojan-activity;sid:84458814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.191.20.199"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595713/; classtype:trojan-activity;sid:84458813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.163.147.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595712/; classtype:trojan-activity;sid:84458812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.42.209"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595711/; classtype:trojan-activity;sid:84458811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ups/setup.exe"; depth:14; endswith; nocase; http.host; content:"45.145.7.134"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595710/; classtype:trojan-activity;sid:84458810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.196.114"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595709/; classtype:trojan-activity;sid:84458809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.246.228"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595708/; classtype:trojan-activity;sid:84458808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.61.211"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595707/; classtype:trojan-activity;sid:84458807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.199.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595706/; classtype:trojan-activity;sid:84458806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.227.209.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595705/; classtype:trojan-activity;sid:84458805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.190.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595704/; classtype:trojan-activity;sid:84458804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.219.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595703/; classtype:trojan-activity;sid:84458803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.141.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595702/; classtype:trojan-activity;sid:84458802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6531942622/ggc8bz3.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595701/; classtype:trojan-activity;sid:84458801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6531942622/ggc8bz3.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595700/; classtype:trojan-activity;sid:84458800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.52.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595699/; classtype:trojan-activity;sid:84458799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.219.117"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595698/; classtype:trojan-activity;sid:84458798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595697/; classtype:trojan-activity;sid:84458797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595696/; classtype:trojan-activity;sid:84458796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595695/; classtype:trojan-activity;sid:84458795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595693/; classtype:trojan-activity;sid:84458793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595694/; classtype:trojan-activity;sid:84458794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"185.208.159.135"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595692/; classtype:trojan-activity;sid:84458792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.105.71"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595691/; classtype:trojan-activity;sid:84458791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595690/; classtype:trojan-activity;sid:84458790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.1.14"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595689/; classtype:trojan-activity;sid:84458789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.4.217"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595687/; classtype:trojan-activity;sid:84458787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595688/; classtype:trojan-activity;sid:84458788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.141.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595686/; classtype:trojan-activity;sid:84458786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.239.38"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595685/; classtype:trojan-activity;sid:84458785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595684/; classtype:trojan-activity;sid:84458784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.58.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595683/; classtype:trojan-activity;sid:84458783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.89.63"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595682/; classtype:trojan-activity;sid:84458782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.26.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595681/; classtype:trojan-activity;sid:84458781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.236.8"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595680/; classtype:trojan-activity;sid:84458780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.165.174"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595679/; classtype:trojan-activity;sid:84458779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.89.63"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595678/; classtype:trojan-activity;sid:84458778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.26.53"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595677/; classtype:trojan-activity;sid:84458777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.81.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595676/; classtype:trojan-activity;sid:84458776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.192.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595675/; classtype:trojan-activity;sid:84458775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.165.174"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595674/; classtype:trojan-activity;sid:84458774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.238.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595673/; classtype:trojan-activity;sid:84458773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.145.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595672/; classtype:trojan-activity;sid:84458772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.24.14"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595671/; classtype:trojan-activity;sid:84458771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.192.109"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595670/; classtype:trojan-activity;sid:84458770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.81.220"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595669/; classtype:trojan-activity;sid:84458769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.230.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595668/; classtype:trojan-activity;sid:84458768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7390569416/yzymfgo.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595667/; classtype:trojan-activity;sid:84458767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.238.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595666/; classtype:trojan-activity;sid:84458766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.177.212"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595665/; classtype:trojan-activity;sid:84458765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.253.17"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595664/; classtype:trojan-activity;sid:84458764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.230.118"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595663/; classtype:trojan-activity;sid:84458763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.186.57"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595662/; classtype:trojan-activity;sid:84458762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.231.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595661/; classtype:trojan-activity;sid:84458761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.124.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595660/; classtype:trojan-activity;sid:84458760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.193.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595659/; classtype:trojan-activity;sid:84458759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.231.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595658/; classtype:trojan-activity;sid:84458758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.89.102.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595657/; classtype:trojan-activity;sid:84458757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.124.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595656/; classtype:trojan-activity;sid:84458756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595655/; classtype:trojan-activity;sid:84458755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.15.102"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595654/; classtype:trojan-activity;sid:84458754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.172.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595653/; classtype:trojan-activity;sid:84458753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.79.55"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595652/; classtype:trojan-activity;sid:84458752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.26.202.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595651/; classtype:trojan-activity;sid:84458751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.236.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595649/; classtype:trojan-activity;sid:84458749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.89.102.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595650/; classtype:trojan-activity;sid:84458750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.34.205.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595648/; classtype:trojan-activity;sid:84458748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.193.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595647/; classtype:trojan-activity;sid:84458747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.24.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595646/; classtype:trojan-activity;sid:84458746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595645/; classtype:trojan-activity;sid:84458745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.24.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595644/; classtype:trojan-activity;sid:84458744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.172.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595643/; classtype:trojan-activity;sid:84458743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.171.219.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595642/; classtype:trojan-activity;sid:84458742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595641/; classtype:trojan-activity;sid:84458741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.85.141"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595640/; classtype:trojan-activity;sid:84458740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.1.232"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595637/; classtype:trojan-activity;sid:84458737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.85.141"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595638/; classtype:trojan-activity;sid:84458738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.67.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595639/; classtype:trojan-activity;sid:84458739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.60.135"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595636/; classtype:trojan-activity;sid:84458736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.248.37.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595635/; classtype:trojan-activity;sid:84458735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.252.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595634/; classtype:trojan-activity;sid:84458734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.4.240"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595633/; classtype:trojan-activity;sid:84458733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.129.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595631/; classtype:trojan-activity;sid:84458731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.74.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595632/; classtype:trojan-activity;sid:84458732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.216.72"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595630/; classtype:trojan-activity;sid:84458730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.213"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595629/; classtype:trojan-activity;sid:84458729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.221.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595628/; classtype:trojan-activity;sid:84458728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.216.72"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595627/; classtype:trojan-activity;sid:84458727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595626/; classtype:trojan-activity;sid:84458726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.171.219.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595625/; classtype:trojan-activity;sid:84458725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595624/; classtype:trojan-activity;sid:84458724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.246.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595623/; classtype:trojan-activity;sid:84458723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.225.52.108"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595622/; classtype:trojan-activity;sid:84458722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.114.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595621/; classtype:trojan-activity;sid:84458721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.221.137"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595620/; classtype:trojan-activity;sid:84458720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.143.171.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595619/; classtype:trojan-activity;sid:84458719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.133.54"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595618/; classtype:trojan-activity;sid:84458718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.114.223"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595617/; classtype:trojan-activity;sid:84458717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595615/; classtype:trojan-activity;sid:84458715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595616/; classtype:trojan-activity;sid:84458716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595611/; classtype:trojan-activity;sid:84458711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595612/; classtype:trojan-activity;sid:84458712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595613/; classtype:trojan-activity;sid:84458713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595614/; classtype:trojan-activity;sid:84458714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595609/; classtype:trojan-activity;sid:84458709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595610/; classtype:trojan-activity;sid:84458710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595608/; classtype:trojan-activity;sid:84458708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595602/; classtype:trojan-activity;sid:84458702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595603/; classtype:trojan-activity;sid:84458703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595604/; classtype:trojan-activity;sid:84458704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595605/; classtype:trojan-activity;sid:84458705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595606/; classtype:trojan-activity;sid:84458706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"91.92.70.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595607/; classtype:trojan-activity;sid:84458707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.116.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595601/; classtype:trojan-activity;sid:84458701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595596/; classtype:trojan-activity;sid:84458696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86_64"; depth:73; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595597/; classtype:trojan-activity;sid:84458697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; depth:70; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595598/; classtype:trojan-activity;sid:84458698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; depth:70; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595599/; classtype:trojan-activity;sid:84458699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; depth:70; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595600/; classtype:trojan-activity;sid:84458700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595593/; classtype:trojan-activity;sid:84458693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595594/; classtype:trojan-activity;sid:84458694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595595/; classtype:trojan-activity;sid:84458695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.ppc440fp"; depth:22; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595590/; classtype:trojan-activity;sid:84458690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.arm4"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595591/; classtype:trojan-activity;sid:84458691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.i468"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595592/; classtype:trojan-activity;sid:84458692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.161.141"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595589/; classtype:trojan-activity;sid:84458689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.143.174.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595588/; classtype:trojan-activity;sid:84458688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595580/; classtype:trojan-activity;sid:84458680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595581/; classtype:trojan-activity;sid:84458681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595582/; classtype:trojan-activity;sid:84458682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595583/; classtype:trojan-activity;sid:84458683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595584/; classtype:trojan-activity;sid:84458684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm4"; depth:15; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595585/; classtype:trojan-activity;sid:84458685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595586/; classtype:trojan-activity;sid:84458686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"217.156.122.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595587/; classtype:trojan-activity;sid:84458687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm4"; depth:15; endswith; nocase; http.host; content:"196.251.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595579/; classtype:trojan-activity;sid:84458679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595577/; classtype:trojan-activity;sid:84458677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595578/; classtype:trojan-activity;sid:84458678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.syncd"; depth:12; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595571/; classtype:trojan-activity;sid:84458671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595572/; classtype:trojan-activity;sid:84458672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595573/; classtype:trojan-activity;sid:84458673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.irqbal"; depth:13; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595574/; classtype:trojan-activity;sid:84458674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595575/; classtype:trojan-activity;sid:84458675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595576/; classtype:trojan-activity;sid:84458676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595556/; classtype:trojan-activity;sid:84458656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.modprobe"; depth:15; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595557/; classtype:trojan-activity;sid:84458657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595558/; classtype:trojan-activity;sid:84458658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.dbusd"; depth:12; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595559/; classtype:trojan-activity;sid:84458659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595560/; classtype:trojan-activity;sid:84458660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.upstart"; depth:14; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595561/; classtype:trojan-activity;sid:84458661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595562/; classtype:trojan-activity;sid:84458662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.klogd"; depth:12; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595563/; classtype:trojan-activity;sid:84458663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.kthreadd"; depth:15; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595564/; classtype:trojan-activity;sid:84458664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.rsysl"; depth:12; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595565/; classtype:trojan-activity;sid:84458665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.netd"; depth:11; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595566/; classtype:trojan-activity;sid:84458666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.ksysd"; depth:12; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595567/; classtype:trojan-activity;sid:84458667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595568/; classtype:trojan-activity;sid:84458668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595569/; classtype:trojan-activity;sid:84458669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.udevmon"; depth:14; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595570/; classtype:trojan-activity;sid:84458670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595553/; classtype:trojan-activity;sid:84458653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595554/; classtype:trojan-activity;sid:84458654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595555/; classtype:trojan-activity;sid:84458655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.i468"; depth:26; endswith; nocase; http.host; content:"as.ddos678.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595551/; classtype:trojan-activity;sid:84458651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595552/; classtype:trojan-activity;sid:84458652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595545/; classtype:trojan-activity;sid:84458645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595546/; classtype:trojan-activity;sid:84458646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595547/; classtype:trojan-activity;sid:84458647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595548/; classtype:trojan-activity;sid:84458648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595549/; classtype:trojan-activity;sid:84458649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595550/; classtype:trojan-activity;sid:84458650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595536/; classtype:trojan-activity;sid:84458636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595537/; classtype:trojan-activity;sid:84458637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595538/; classtype:trojan-activity;sid:84458638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595539/; classtype:trojan-activity;sid:84458639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595540/; classtype:trojan-activity;sid:84458640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595541/; classtype:trojan-activity;sid:84458641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595542/; classtype:trojan-activity;sid:84458642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbts/.systemd-jd"; depth:17; endswith; nocase; http.host; content:"196.251.115.36"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595543/; classtype:trojan-activity;sid:84458643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"92.113.21.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595544/; classtype:trojan-activity;sid:84458644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.171.36.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595535/; classtype:trojan-activity;sid:84458635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.116.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595534/; classtype:trojan-activity;sid:84458634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.161.141"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595533/; classtype:trojan-activity;sid:84458633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/9sen7q58lx4hcvind8q1s/roxyrushs.exe|3f|rlkey=lu6yr2066awzwfdaluh29gg5e|7c|26|7c|st=1nh29dr3|7c|26|7c|dl=1"; depth:113; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595532/; classtype:trojan-activity;sid:84458632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/home"; depth:5; endswith; nocase; http.host; content:"vpn.cursinqfirewall.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595530/; classtype:trojan-activity;sid:84458630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aboutus"; depth:8; endswith; nocase; http.host; content:"vpn.cursinqfirewall.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595531/; classtype:trojan-activity;sid:84458631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595529/; classtype:trojan-activity;sid:84458629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595527/; classtype:trojan-activity;sid:84458627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595528/; classtype:trojan-activity;sid:84458628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595526/; classtype:trojan-activity;sid:84458626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595525/; classtype:trojan-activity;sid:84458625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595524/; classtype:trojan-activity;sid:84458624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595523/; classtype:trojan-activity;sid:84458623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595522/; classtype:trojan-activity;sid:84458622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.70.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595521/; classtype:trojan-activity;sid:84458621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595518/; classtype:trojan-activity;sid:84458618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/775892292/byndwfn.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595519/; classtype:trojan-activity;sid:84458619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/808230937/nih80ko.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595520/; classtype:trojan-activity;sid:84458620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"176.123.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595502/; classtype:trojan-activity;sid:84458602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"103.149.253.145"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595503/; classtype:trojan-activity;sid:84458603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.arm"; depth:15; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595504/; classtype:trojan-activity;sid:84458604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.arc"; depth:15; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595505/; classtype:trojan-activity;sid:84458605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.x86"; depth:15; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595506/; classtype:trojan-activity;sid:84458606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.ppc"; depth:15; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595507/; classtype:trojan-activity;sid:84458607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.mpsl"; depth:16; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595508/; classtype:trojan-activity;sid:84458608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.spc"; depth:15; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595509/; classtype:trojan-activity;sid:84458609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.arm5"; depth:16; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595510/; classtype:trojan-activity;sid:84458610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.arm7"; depth:16; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595511/; classtype:trojan-activity;sid:84458611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.mips"; depth:16; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595512/; classtype:trojan-activity;sid:84458612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.arm6"; depth:16; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595513/; classtype:trojan-activity;sid:84458613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.x86_64"; depth:18; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595514/; classtype:trojan-activity;sid:84458614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.sh4"; depth:15; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595515/; classtype:trojan-activity;sid:84458615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595516/; classtype:trojan-activity;sid:84458616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h0ney.m68k"; depth:16; endswith; nocase; http.host; content:"196.251.114.63"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595517/; classtype:trojan-activity;sid:84458617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595501/; classtype:trojan-activity;sid:84458601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/712902258/rhsvjbi.exe"; depth:28; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595498/; classtype:trojan-activity;sid:84458598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6805932958/mrhxu3s.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595499/; classtype:trojan-activity;sid:84458599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595500/; classtype:trojan-activity;sid:84458600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1013240947/gqkuito.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595497/; classtype:trojan-activity;sid:84458597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.5.172"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595496/; classtype:trojan-activity;sid:84458596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.129.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595495/; classtype:trojan-activity;sid:84458595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.131.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595494/; classtype:trojan-activity;sid:84458594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.171.36.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595493/; classtype:trojan-activity;sid:84458593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.82.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595492/; classtype:trojan-activity;sid:84458592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.129.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595491/; classtype:trojan-activity;sid:84458591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595490/; classtype:trojan-activity;sid:84458590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.5.172"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595489/; classtype:trojan-activity;sid:84458589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.82.117"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595488/; classtype:trojan-activity;sid:84458588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595487/; classtype:trojan-activity;sid:84458587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.197.98"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595486/; classtype:trojan-activity;sid:84458586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.110"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595485/; classtype:trojan-activity;sid:84458585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.151.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595484/; classtype:trojan-activity;sid:84458584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.173.225"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595483/; classtype:trojan-activity;sid:84458583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.210.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595482/; classtype:trojan-activity;sid:84458582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.103.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595481/; classtype:trojan-activity;sid:84458581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.239.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595480/; classtype:trojan-activity;sid:84458580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.13.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595479/; classtype:trojan-activity;sid:84458579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.151.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595478/; classtype:trojan-activity;sid:84458578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.8.162"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595477/; classtype:trojan-activity;sid:84458577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.147.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595476/; classtype:trojan-activity;sid:84458576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.17.55"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595475/; classtype:trojan-activity;sid:84458575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.103.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595474/; classtype:trojan-activity;sid:84458574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.239.141"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595473/; classtype:trojan-activity;sid:84458573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.210.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595472/; classtype:trojan-activity;sid:84458572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.128.181.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595471/; classtype:trojan-activity;sid:84458571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.40.165.172"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595470/; classtype:trojan-activity;sid:84458570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.8.162"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595469/; classtype:trojan-activity;sid:84458569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.17.55"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595468/; classtype:trojan-activity;sid:84458568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.226.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595467/; classtype:trojan-activity;sid:84458567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.40.165.172"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595466/; classtype:trojan-activity;sid:84458566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.81.107"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595465/; classtype:trojan-activity;sid:84458565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.128.181.88"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595464/; classtype:trojan-activity;sid:84458564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.61.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595463/; classtype:trojan-activity;sid:84458563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.173.28"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595462/; classtype:trojan-activity;sid:84458562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.113.39"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595461/; classtype:trojan-activity;sid:84458561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.84.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595460/; classtype:trojan-activity;sid:84458560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.69.189"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595459/; classtype:trojan-activity;sid:84458559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.61.94"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595458/; classtype:trojan-activity;sid:84458558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.222.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595457/; classtype:trojan-activity;sid:84458557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.198.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595456/; classtype:trojan-activity;sid:84458556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.141.124"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595455/; classtype:trojan-activity;sid:84458555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.222.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595454/; classtype:trojan-activity;sid:84458554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.113.65"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595453/; classtype:trojan-activity;sid:84458553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"89.42.88.210"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595451/; classtype:trojan-activity;sid:84458551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.48.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595452/; classtype:trojan-activity;sid:84458552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.25"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595450/; classtype:trojan-activity;sid:84458550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.14"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595449/; classtype:trojan-activity;sid:84458549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.17.93.130"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595448/; classtype:trojan-activity;sid:84458548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.25"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595447/; classtype:trojan-activity;sid:84458547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.81.31"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595446/; classtype:trojan-activity;sid:84458546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.211.1"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595445/; classtype:trojan-activity;sid:84458545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.214.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595444/; classtype:trojan-activity;sid:84458544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.174.62"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595443/; classtype:trojan-activity;sid:84458543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.160.225"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595442/; classtype:trojan-activity;sid:84458542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.214.14"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595441/; classtype:trojan-activity;sid:84458541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.174.62"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595440/; classtype:trojan-activity;sid:84458540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.130.233"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595439/; classtype:trojan-activity;sid:84458539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.226.162"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595438/; classtype:trojan-activity;sid:84458538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595437/; classtype:trojan-activity;sid:84458537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.235.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595436/; classtype:trojan-activity;sid:84458536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.138.77"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595435/; classtype:trojan-activity;sid:84458535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.255.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595434/; classtype:trojan-activity;sid:84458534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.69.189"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595433/; classtype:trojan-activity;sid:84458533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.73.55"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595432/; classtype:trojan-activity;sid:84458532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.238.133"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595431/; classtype:trojan-activity;sid:84458531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.43.120"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595430/; classtype:trojan-activity;sid:84458530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.239.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595429/; classtype:trojan-activity;sid:84458529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.186.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595428/; classtype:trojan-activity;sid:84458528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.140.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595427/; classtype:trojan-activity;sid:84458527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.238.133"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595426/; classtype:trojan-activity;sid:84458526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.186.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595425/; classtype:trojan-activity;sid:84458525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.33.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595424/; classtype:trojan-activity;sid:84458524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.239.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595423/; classtype:trojan-activity;sid:84458523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.106.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595422/; classtype:trojan-activity;sid:84458522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.140.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595421/; classtype:trojan-activity;sid:84458521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.202"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595420/; classtype:trojan-activity;sid:84458520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595419/; classtype:trojan-activity;sid:84458519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.110.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595418/; classtype:trojan-activity;sid:84458518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.207.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595417/; classtype:trojan-activity;sid:84458517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595416/; classtype:trojan-activity;sid:84458516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.61.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595415/; classtype:trojan-activity;sid:84458515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.1.23"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595414/; classtype:trojan-activity;sid:84458514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.195.61"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595413/; classtype:trojan-activity;sid:84458513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.132.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595412/; classtype:trojan-activity;sid:84458512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595411/; classtype:trojan-activity;sid:84458511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.76.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595410/; classtype:trojan-activity;sid:84458510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.207.215"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595409/; classtype:trojan-activity;sid:84458509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.110.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595408/; classtype:trojan-activity;sid:84458508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.186.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595407/; classtype:trojan-activity;sid:84458507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.173.28"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595406/; classtype:trojan-activity;sid:84458506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.119.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595405/; classtype:trojan-activity;sid:84458505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.31.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595404/; classtype:trojan-activity;sid:84458504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.79.113"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595403/; classtype:trojan-activity;sid:84458503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.119.176"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595402/; classtype:trojan-activity;sid:84458502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.42.89.229"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595401/; classtype:trojan-activity;sid:84458501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.31.233"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595400/; classtype:trojan-activity;sid:84458500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.86.12"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595399/; classtype:trojan-activity;sid:84458499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.40.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595398/; classtype:trojan-activity;sid:84458498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.236.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595397/; classtype:trojan-activity;sid:84458497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595396/; classtype:trojan-activity;sid:84458496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.29.13"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595395/; classtype:trojan-activity;sid:84458495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.66.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595394/; classtype:trojan-activity;sid:84458494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.77.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595393/; classtype:trojan-activity;sid:84458493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.40.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595392/; classtype:trojan-activity;sid:84458492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.236.249"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595391/; classtype:trojan-activity;sid:84458491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595390/; classtype:trojan-activity;sid:84458490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.34.87"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595389/; classtype:trojan-activity;sid:84458489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.29.13"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595388/; classtype:trojan-activity;sid:84458488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.88.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595387/; classtype:trojan-activity;sid:84458487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.255.57"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595386/; classtype:trojan-activity;sid:84458486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595385/; classtype:trojan-activity;sid:84458485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.125.241.224"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595384/; classtype:trojan-activity;sid:84458484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.144.5"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595383/; classtype:trojan-activity;sid:84458483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.122.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595382/; classtype:trojan-activity;sid:84458482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.220.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595380/; classtype:trojan-activity;sid:84458480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.106.199"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595381/; classtype:trojan-activity;sid:84458481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.202"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595379/; classtype:trojan-activity;sid:84458479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595375/; classtype:trojan-activity;sid:84458475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.220.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595376/; classtype:trojan-activity;sid:84458476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.179.234.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595377/; classtype:trojan-activity;sid:84458477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.179.234.153"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595378/; classtype:trojan-activity;sid:84458478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.127.11"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595374/; classtype:trojan-activity;sid:84458474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.88.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595373/; classtype:trojan-activity;sid:84458473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595372/; classtype:trojan-activity;sid:84458472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595371/; classtype:trojan-activity;sid:84458471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595370/; classtype:trojan-activity;sid:84458470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595359/; classtype:trojan-activity;sid:84458459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595360/; classtype:trojan-activity;sid:84458460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595361/; classtype:trojan-activity;sid:84458461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595362/; classtype:trojan-activity;sid:84458462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595363/; classtype:trojan-activity;sid:84458463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595364/; classtype:trojan-activity;sid:84458464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595365/; classtype:trojan-activity;sid:84458465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595366/; classtype:trojan-activity;sid:84458466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595367/; classtype:trojan-activity;sid:84458467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595368/; classtype:trojan-activity;sid:84458468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595369/; classtype:trojan-activity;sid:84458469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595353/; classtype:trojan-activity;sid:84458453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595354/; classtype:trojan-activity;sid:84458454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595355/; classtype:trojan-activity;sid:84458455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595356/; classtype:trojan-activity;sid:84458456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595357/; classtype:trojan-activity;sid:84458457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595358/; classtype:trojan-activity;sid:84458458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595346/; classtype:trojan-activity;sid:84458446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595347/; classtype:trojan-activity;sid:84458447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595348/; classtype:trojan-activity;sid:84458448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595349/; classtype:trojan-activity;sid:84458449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"152.53.209.147"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595350/; classtype:trojan-activity;sid:84458450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"162.247.155.210"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595351/; classtype:trojan-activity;sid:84458451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.121.84.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595352/; classtype:trojan-activity;sid:84458452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.238.145"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595345/; classtype:trojan-activity;sid:84458445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.125.241.224"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595344/; classtype:trojan-activity;sid:84458444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.60.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595343/; classtype:trojan-activity;sid:84458443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.0.119"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595342/; classtype:trojan-activity;sid:84458442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.247.137"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595341/; classtype:trojan-activity;sid:84458441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.93.69.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595340/; classtype:trojan-activity;sid:84458440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.202"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595339/; classtype:trojan-activity;sid:84458439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.238.145"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595338/; classtype:trojan-activity;sid:84458438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.247.137"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595337/; classtype:trojan-activity;sid:84458437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.145.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595336/; classtype:trojan-activity;sid:84458436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595335/; classtype:trojan-activity;sid:84458435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.81.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595334/; classtype:trojan-activity;sid:84458434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.111.189"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595333/; classtype:trojan-activity;sid:84458433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.76.202"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595332/; classtype:trojan-activity;sid:84458432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.143.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595331/; classtype:trojan-activity;sid:84458431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.217.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595330/; classtype:trojan-activity;sid:84458430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.250.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595329/; classtype:trojan-activity;sid:84458429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.21.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595328/; classtype:trojan-activity;sid:84458428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.167.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595327/; classtype:trojan-activity;sid:84458427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.117.165"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595326/; classtype:trojan-activity;sid:84458426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.186.71"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595325/; classtype:trojan-activity;sid:84458425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.143.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595324/; classtype:trojan-activity;sid:84458424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595323/; classtype:trojan-activity;sid:84458423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.21.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595322/; classtype:trojan-activity;sid:84458422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.217.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595321/; classtype:trojan-activity;sid:84458421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595320/; classtype:trojan-activity;sid:84458420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.250.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595319/; classtype:trojan-activity;sid:84458419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595318/; classtype:trojan-activity;sid:84458418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.138.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595317/; classtype:trojan-activity;sid:84458417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.237.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595316/; classtype:trojan-activity;sid:84458416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.81.107"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595315/; classtype:trojan-activity;sid:84458415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.26.22"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595314/; classtype:trojan-activity;sid:84458414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.255.232.166"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595313/; classtype:trojan-activity;sid:84458413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.237.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595312/; classtype:trojan-activity;sid:84458412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.161.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595311/; classtype:trojan-activity;sid:84458411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"195.96.129.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595310/; classtype:trojan-activity;sid:84458410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.60.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595309/; classtype:trojan-activity;sid:84458409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.147.64"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595308/; classtype:trojan-activity;sid:84458408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.102.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595307/; classtype:trojan-activity;sid:84458407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.60.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595306/; classtype:trojan-activity;sid:84458406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.102.170"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595305/; classtype:trojan-activity;sid:84458405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.197.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595304/; classtype:trojan-activity;sid:84458404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.253.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595303/; classtype:trojan-activity;sid:84458403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.204.26"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595302/; classtype:trojan-activity;sid:84458402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.93.69.227"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595301/; classtype:trojan-activity;sid:84458401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/delay_report_08.2025.pdf.lnk"; depth:35; endswith; nocase; http.host; content:"92.118.112.17"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595300/; classtype:trojan-activity;sid:84458400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/receipt-tc-2739230.mp4"; depth:28; endswith; nocase; http.host; content:"de-privatkunden.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595299/; classtype:trojan-activity;sid:84458399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.134.213.167"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595298/; classtype:trojan-activity;sid:84458398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents/receipt-tc-2739230.lnk"; depth:33; endswith; nocase; http.host; content:"94.156.232.85"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595297/; classtype:trojan-activity;sid:84458397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595296/; classtype:trojan-activity;sid:84458396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595295/; classtype:trojan-activity;sid:84458395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595293/; classtype:trojan-activity;sid:84458393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595294/; classtype:trojan-activity;sid:84458394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595286/; classtype:trojan-activity;sid:84458386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.x86"; depth:17; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595287/; classtype:trojan-activity;sid:84458387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.m68k"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595288/; classtype:trojan-activity;sid:84458388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595289/; classtype:trojan-activity;sid:84458389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595290/; classtype:trojan-activity;sid:84458390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595291/; classtype:trojan-activity;sid:84458391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595292/; classtype:trojan-activity;sid:84458392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.spc"; depth:17; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595282/; classtype:trojan-activity;sid:84458382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595283/; classtype:trojan-activity;sid:84458383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595284/; classtype:trojan-activity;sid:84458384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595285/; classtype:trojan-activity;sid:84458385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595280/; classtype:trojan-activity;sid:84458380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"207.244.199.222"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595281/; classtype:trojan-activity;sid:84458381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595279/; classtype:trojan-activity;sid:84458379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.arm"; depth:17; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595277/; classtype:trojan-activity;sid:84458377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.arm5"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595278/; classtype:trojan-activity;sid:84458378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595276/; classtype:trojan-activity;sid:84458376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firearm.sh"; depth:11; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595268/; classtype:trojan-activity;sid:84458368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595269/; classtype:trojan-activity;sid:84458369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595270/; classtype:trojan-activity;sid:84458370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595271/; classtype:trojan-activity;sid:84458371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.mips"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595272/; classtype:trojan-activity;sid:84458372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595273/; classtype:trojan-activity;sid:84458373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595274/; classtype:trojan-activity;sid:84458374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.x86_64"; depth:20; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595275/; classtype:trojan-activity;sid:84458375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595256/; classtype:trojan-activity;sid:84458356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595257/; classtype:trojan-activity;sid:84458357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.arm6"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595258/; classtype:trojan-activity;sid:84458358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.arm7"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595259/; classtype:trojan-activity;sid:84458359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595260/; classtype:trojan-activity;sid:84458360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.ppc"; depth:17; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595261/; classtype:trojan-activity;sid:84458361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595262/; classtype:trojan-activity;sid:84458362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.mpsl"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595263/; classtype:trojan-activity;sid:84458363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.i686"; depth:18; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595264/; classtype:trojan-activity;sid:84458364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595265/; classtype:trojan-activity;sid:84458365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/firearm.sh4"; depth:17; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595266/; classtype:trojan-activity;sid:84458366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595267/; classtype:trojan-activity;sid:84458367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595254/; classtype:trojan-activity;sid:84458354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firearmsgay.sh"; depth:15; endswith; nocase; http.host; content:"87.121.84.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595255/; classtype:trojan-activity;sid:84458355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.72.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595246/; classtype:trojan-activity;sid:84458346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.72.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595247/; classtype:trojan-activity;sid:84458347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"140.143.194.26"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595248/; classtype:trojan-activity;sid:84458348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"137.131.24.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595249/; classtype:trojan-activity;sid:84458349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.113.217.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595250/; classtype:trojan-activity;sid:84458350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"137.131.24.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595251/; classtype:trojan-activity;sid:84458351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.201.75.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595252/; classtype:trojan-activity;sid:84458352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.99.94.41"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595253/; classtype:trojan-activity;sid:84458353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.218.179"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595245/; classtype:trojan-activity;sid:84458345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.253.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595244/; classtype:trojan-activity;sid:84458344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.83.84"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595239/; classtype:trojan-activity;sid:84458339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.122.30.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595240/; classtype:trojan-activity;sid:84458340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.72.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595241/; classtype:trojan-activity;sid:84458341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"146.56.225.103"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595242/; classtype:trojan-activity;sid:84458342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.72.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595243/; classtype:trojan-activity;sid:84458343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.50.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595238/; classtype:trojan-activity;sid:84458338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.208.181.67"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595236/; classtype:trojan-activity;sid:84458336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.248.196.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595237/; classtype:trojan-activity;sid:84458337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.161.254.102"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595231/; classtype:trojan-activity;sid:84458331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.248.234.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595232/; classtype:trojan-activity;sid:84458332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.221.80.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595233/; classtype:trojan-activity;sid:84458333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"181.200.30.133"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595234/; classtype:trojan-activity;sid:84458334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.47.9.147"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595235/; classtype:trojan-activity;sid:84458335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.181.82.216"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595216/; classtype:trojan-activity;sid:84458316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.247.249.211"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595217/; classtype:trojan-activity;sid:84458317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.49.50.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595218/; classtype:trojan-activity;sid:84458318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.183.252.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595219/; classtype:trojan-activity;sid:84458319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.248.66.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595220/; classtype:trojan-activity;sid:84458320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.147.164.150"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595221/; classtype:trojan-activity;sid:84458321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.184.83.59"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595222/; classtype:trojan-activity;sid:84458322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"116.105.136.238"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595223/; classtype:trojan-activity;sid:84458323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.76.237"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595224/; classtype:trojan-activity;sid:84458324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.143.31.218"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595225/; classtype:trojan-activity;sid:84458325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.248.66.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595226/; classtype:trojan-activity;sid:84458326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.68.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595227/; classtype:trojan-activity;sid:84458327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.248.66.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595228/; classtype:trojan-activity;sid:84458328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.161.244.59"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595229/; classtype:trojan-activity;sid:84458329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.248.66.232"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595230/; classtype:trojan-activity;sid:84458330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.149.165.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595207/; classtype:trojan-activity;sid:84458307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.231.141.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595208/; classtype:trojan-activity;sid:84458308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.11.75"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595209/; classtype:trojan-activity;sid:84458309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.80.58.24"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595210/; classtype:trojan-activity;sid:84458310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.6.3.26"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595211/; classtype:trojan-activity;sid:84458311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.57.227.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595212/; classtype:trojan-activity;sid:84458312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.125.190"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595213/; classtype:trojan-activity;sid:84458313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.139.64.220"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595214/; classtype:trojan-activity;sid:84458314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"171.247.205.124"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595215/; classtype:trojan-activity;sid:84458315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.18.186.215"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595205/; classtype:trojan-activity;sid:84458305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.118.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595206/; classtype:trojan-activity;sid:84458306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.149.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595204/; classtype:trojan-activity;sid:84458304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.241.78.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; classtype:trojan-activity;sid:84458303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.50.41.249"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595202/; classtype:trojan-activity;sid:84458302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"120.157.153.81"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595201/; classtype:trojan-activity;sid:84458301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.68.65.184"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595197/; classtype:trojan-activity;sid:84458297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"41.146.76.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595198/; classtype:trojan-activity;sid:84458298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"41.146.76.236"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595199/; classtype:trojan-activity;sid:84458299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.143.254.172"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595200/; classtype:trojan-activity;sid:84458300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.224.144.205"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595196/; classtype:trojan-activity;sid:84458296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.80.134.88"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595193/; classtype:trojan-activity;sid:84458293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.41.159.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595194/; classtype:trojan-activity;sid:84458294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.88.42.158"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595195/; classtype:trojan-activity;sid:84458295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.204.26"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595192/; classtype:trojan-activity;sid:84458292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.99.65"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595191/; classtype:trojan-activity;sid:84458291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.45.131"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595190/; classtype:trojan-activity;sid:84458290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6482739089/nylfekx.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595189/; classtype:trojan-activity;sid:84458289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.136.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595187/; classtype:trojan-activity;sid:84458287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.45.131"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595188/; classtype:trojan-activity;sid:84458288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.34.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595186/; classtype:trojan-activity;sid:84458286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595179/; classtype:trojan-activity;sid:84458279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595180/; classtype:trojan-activity;sid:84458280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595181/; classtype:trojan-activity;sid:84458281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595182/; classtype:trojan-activity;sid:84458282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595183/; classtype:trojan-activity;sid:84458283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595184/; classtype:trojan-activity;sid:84458284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595185/; classtype:trojan-activity;sid:84458285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.136.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595178/; classtype:trojan-activity;sid:84458278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595175/; classtype:trojan-activity;sid:84458275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595176/; classtype:trojan-activity;sid:84458276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"196.251.85.171"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595177/; classtype:trojan-activity;sid:84458277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595174/; classtype:trojan-activity;sid:84458274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.204"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595173/; classtype:trojan-activity;sid:84458273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.193.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595172/; classtype:trojan-activity;sid:84458272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.248.208"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595169/; classtype:trojan-activity;sid:84458269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.227"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595170/; classtype:trojan-activity;sid:84458270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.196"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595171/; classtype:trojan-activity;sid:84458271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.229"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595168/; classtype:trojan-activity;sid:84458268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.130.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595167/; classtype:trojan-activity;sid:84458267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.132.213"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595166/; classtype:trojan-activity;sid:84458266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.193.192"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595165/; classtype:trojan-activity;sid:84458265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.88.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595164/; classtype:trojan-activity;sid:84458264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.64.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595163/; classtype:trojan-activity;sid:84458263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.7.205"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595162/; classtype:trojan-activity;sid:84458262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.56.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595161/; classtype:trojan-activity;sid:84458261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.87.249"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595160/; classtype:trojan-activity;sid:84458260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.88.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595159/; classtype:trojan-activity;sid:84458259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.117"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595158/; classtype:trojan-activity;sid:84458258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8085140108/tt7w3ko.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595156/; classtype:trojan-activity;sid:84458256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8070726592/aiczqln.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595157/; classtype:trojan-activity;sid:84458257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.7.205"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595155/; classtype:trojan-activity;sid:84458255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.253.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595154/; classtype:trojan-activity;sid:84458254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.144.87"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595153/; classtype:trojan-activity;sid:84458253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.107.16.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595151/; classtype:trojan-activity;sid:84458251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.211.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595152/; classtype:trojan-activity;sid:84458252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.213"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595150/; classtype:trojan-activity;sid:84458250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.96.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595149/; classtype:trojan-activity;sid:84458249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.253.112"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595148/; classtype:trojan-activity;sid:84458248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.211.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595147/; classtype:trojan-activity;sid:84458247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.56.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595146/; classtype:trojan-activity;sid:84458246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.2.246"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595145/; classtype:trojan-activity;sid:84458245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.16.92"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595144/; classtype:trojan-activity;sid:84458244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.196.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595143/; classtype:trojan-activity;sid:84458243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6215474779/rgxee0v.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595142/; classtype:trojan-activity;sid:84458242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khimik999/hwaszgsdhzxvdxzghv/raw/refs/heads/main/aggregatorhosts.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595141/; classtype:trojan-activity;sid:84458241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8097964226/zu3snjz.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595139/; classtype:trojan-activity;sid:84458239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jerr1hn/swift-executor/raw/refs/heads/main/swift.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595140/; classtype:trojan-activity;sid:84458240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.163.57.174"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595138/; classtype:trojan-activity;sid:84458238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.41.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595137/; classtype:trojan-activity;sid:84458237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.235.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595135/; classtype:trojan-activity;sid:84458235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.205.73"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595136/; classtype:trojan-activity;sid:84458236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.67.215.232"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595134/; classtype:trojan-activity;sid:84458234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.128.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595133/; classtype:trojan-activity;sid:84458233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.196.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595132/; classtype:trojan-activity;sid:84458232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.160"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595131/; classtype:trojan-activity;sid:84458231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595130/; classtype:trojan-activity;sid:84458230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.46.157.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595129/; classtype:trojan-activity;sid:84458229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.250.16.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595128/; classtype:trojan-activity;sid:84458228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.67.215.232"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595127/; classtype:trojan-activity;sid:84458227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.158.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595126/; classtype:trojan-activity;sid:84458226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.196.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595125/; classtype:trojan-activity;sid:84458225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.99.83"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595124/; classtype:trojan-activity;sid:84458224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.9.161"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595123/; classtype:trojan-activity;sid:84458223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.46.157.201"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595122/; classtype:trojan-activity;sid:84458222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.158.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595121/; classtype:trojan-activity;sid:84458221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.250.16.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595120/; classtype:trojan-activity;sid:84458220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.168.125"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595118/; classtype:trojan-activity;sid:84458218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.195.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595119/; classtype:trojan-activity;sid:84458219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.128.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595117/; classtype:trojan-activity;sid:84458217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.90.64"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595116/; classtype:trojan-activity;sid:84458216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.100.214"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595115/; classtype:trojan-activity;sid:84458215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.128.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595114/; classtype:trojan-activity;sid:84458214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.168.125"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595113/; classtype:trojan-activity;sid:84458213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.9.161"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595112/; classtype:trojan-activity;sid:84458212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.248.129"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595111/; classtype:trojan-activity;sid:84458211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.190.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595110/; classtype:trojan-activity;sid:84458210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.33.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595109/; classtype:trojan-activity;sid:84458209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.94.130"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595108/; classtype:trojan-activity;sid:84458208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/15786589/cg8wjnt.exe"; depth:27; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595107/; classtype:trojan-activity;sid:84458207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595106/; classtype:trojan-activity;sid:84458206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.33.145"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595105/; classtype:trojan-activity;sid:84458205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.190.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595104/; classtype:trojan-activity;sid:84458204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.51.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595103/; classtype:trojan-activity;sid:84458203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.51.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595102/; classtype:trojan-activity;sid:84458202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595099/; classtype:trojan-activity;sid:84458199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595100/; classtype:trojan-activity;sid:84458200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595101/; classtype:trojan-activity;sid:84458201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595096/; classtype:trojan-activity;sid:84458196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595097/; classtype:trojan-activity;sid:84458197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595098/; classtype:trojan-activity;sid:84458198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595094/; classtype:trojan-activity;sid:84458194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.22.28"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595095/; classtype:trojan-activity;sid:84458195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.207.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595093/; classtype:trojan-activity;sid:84458193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.4.92"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595092/; classtype:trojan-activity;sid:84458192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.199.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595090/; classtype:trojan-activity;sid:84458190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.198.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595091/; classtype:trojan-activity;sid:84458191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.79.149"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595089/; classtype:trojan-activity;sid:84458189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.161.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595088/; classtype:trojan-activity;sid:84458188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.170.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595087/; classtype:trojan-activity;sid:84458187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.162.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595086/; classtype:trojan-activity;sid:84458186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.126.146"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595085/; classtype:trojan-activity;sid:84458185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595084/; classtype:trojan-activity;sid:84458184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.5"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595083/; classtype:trojan-activity;sid:84458183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.204"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595082/; classtype:trojan-activity;sid:84458182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7002513081/angr9rr.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595081/; classtype:trojan-activity;sid:84458181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595080/; classtype:trojan-activity;sid:84458180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.40.243"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595079/; classtype:trojan-activity;sid:84458179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.170.209"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595078/; classtype:trojan-activity;sid:84458178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.144.129"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595077/; classtype:trojan-activity;sid:84458177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.103.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595076/; classtype:trojan-activity;sid:84458176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.62.53"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595074/; classtype:trojan-activity;sid:84458174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.162.187"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595075/; classtype:trojan-activity;sid:84458175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"kind-leakey.196-251-114-105.plesk.page"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595073/; classtype:trojan-activity;sid:84458173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"kind-leakey.196-251-114-105.plesk.page"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595071/; classtype:trojan-activity;sid:84458171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"kind-leakey.196-251-114-105.plesk.page"; depth:38; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595072/; classtype:trojan-activity;sid:84458172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tawley.mp4"; depth:11; endswith; nocase; http.host; content:"kriez.work"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595070/; classtype:trojan-activity;sid:84458170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"heuristic-hofstadter.196-251-114-105.plesk.page"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595069/; classtype:trojan-activity;sid:84458169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"heuristic-hofstadter.196-251-114-105.plesk.page"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595067/; classtype:trojan-activity;sid:84458167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"heuristic-hofstadter.196-251-114-105.plesk.page"; depth:47; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595068/; classtype:trojan-activity;sid:84458168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/188/unb/weneedbestpersonwithbetterperformanceofthebestprogram__________weneedbestpersonwithbetterperformanceofthebestprogram____________weneedbestpersonwithbetterperformanceofthebestprogram.doc"; depth:194; endswith; nocase; http.host; content:"188.213.165.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595066/; classtype:trojan-activity;sid:84458166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595065/; classtype:trojan-activity;sid:84458165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595063/; classtype:trojan-activity;sid:84458163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595064/; classtype:trojan-activity;sid:84458164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57/gbc/goodpeoplesgivenbestthingswithbetterperformancewitme_________goodpeoplesgivenbestthingswithbetterperformancewitme______goodpeoplesgivenbestthingswithbetterperformancewitme.doc"; depth:183; endswith; nocase; http.host; content:"188.213.165.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595062/; classtype:trojan-activity;sid:84458162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm7"; depth:18; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595061/; classtype:trojan-activity;sid:84458161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm6"; depth:18; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595058/; classtype:trojan-activity;sid:84458158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mpsl"; depth:18; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595059/; classtype:trojan-activity;sid:84458159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.m68k"; depth:18; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595060/; classtype:trojan-activity;sid:84458160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.ppc"; depth:17; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595056/; classtype:trojan-activity;sid:84458156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mips"; depth:18; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595057/; classtype:trojan-activity;sid:84458157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.x86_64"; depth:20; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595055/; classtype:trojan-activity;sid:84458155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.x86"; depth:17; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595051/; classtype:trojan-activity;sid:84458151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm5"; depth:18; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595052/; classtype:trojan-activity;sid:84458152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.sh4"; depth:17; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595053/; classtype:trojan-activity;sid:84458153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm"; depth:17; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595054/; classtype:trojan-activity;sid:84458154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.spc"; depth:17; endswith; nocase; http.host; content:"www.heuristic-hofstadter.196-251-114-105.plesk.page"; depth:51; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595050/; classtype:trojan-activity;sid:84458150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45zdfrtgh/gh16515fg6/creo.vbs"; depth:30; endswith; nocase; http.host; content:"ptcl.site"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595049/; classtype:trojan-activity;sid:84458149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.254"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595048/; classtype:trojan-activity;sid:84458148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/155/wcn/weneedgoodsolutionswithbestpeoplesventure_______weneedgoodsolutionswithbestpeoplesventure________weneedgoodsolutionswithbestpeoplesventure.doc"; depth:151; endswith; nocase; http.host; content:"74.208.246.48"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595047/; classtype:trojan-activity;sid:84458147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/277/uhn/greenthingsbetterthingwithgreatnessofhappinessformegreenthingsbetterthingwithgreatnessofhappinessformegreenthingsbetterthingwithgreatnessofhappinessformegreenthingsbetterthingwithgreatnessofhappinessforme.doc"; depth:217; endswith; nocase; http.host; content:"185.58.194.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595046/; classtype:trojan-activity;sid:84458146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.39.164"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595045/; classtype:trojan-activity;sid:84458145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.197.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595044/; classtype:trojan-activity;sid:84458144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ep9ts2/ndt.sh"; depth:14; endswith; nocase; http.host; content:"104.164.55.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595041/; classtype:trojan-activity;sid:84458141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/debug"; depth:55; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595042/; classtype:trojan-activity;sid:84458142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; depth:86; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595043/; classtype:trojan-activity;sid:84458143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; depth:86; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595040/; classtype:trojan-activity;sid:84458140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; depth:89; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595035/; classtype:trojan-activity;sid:84458135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; depth:86; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595036/; classtype:trojan-activity;sid:84458136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595037/; classtype:trojan-activity;sid:84458137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595038/; classtype:trojan-activity;sid:84458138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595039/; classtype:trojan-activity;sid:84458139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_34.nn"; depth:10; endswith; nocase; http.host; content:"141.11.62.4"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595034/; classtype:trojan-activity;sid:84458134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595031/; classtype:trojan-activity;sid:84458131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; depth:86; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595032/; classtype:trojan-activity;sid:84458132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; depth:86; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595033/; classtype:trojan-activity;sid:84458133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595028/; classtype:trojan-activity;sid:84458128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595029/; classtype:trojan-activity;sid:84458129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595030/; classtype:trojan-activity;sid:84458130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.x86_64"; depth:20; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595027/; classtype:trojan-activity;sid:84458127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mips"; depth:18; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595016/; classtype:trojan-activity;sid:84458116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm5"; depth:18; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595017/; classtype:trojan-activity;sid:84458117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.x86"; depth:17; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595018/; classtype:trojan-activity;sid:84458118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm6"; depth:18; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595019/; classtype:trojan-activity;sid:84458119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.spc"; depth:17; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595020/; classtype:trojan-activity;sid:84458120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.sh4"; depth:17; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595021/; classtype:trojan-activity;sid:84458121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.m68k"; depth:18; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595022/; classtype:trojan-activity;sid:84458122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm7"; depth:18; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595023/; classtype:trojan-activity;sid:84458123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595024/; classtype:trojan-activity;sid:84458124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm"; depth:17; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595025/; classtype:trojan-activity;sid:84458125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mpsl"; depth:18; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595026/; classtype:trojan-activity;sid:84458126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595015/; classtype:trojan-activity;sid:84458115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.ppc"; depth:17; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595013/; classtype:trojan-activity;sid:84458113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"www.kind-leakey.196-251-114-105.plesk.page"; depth:42; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595014/; classtype:trojan-activity;sid:84458114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; depth:86; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595012/; classtype:trojan-activity;sid:84458112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; depth:87; endswith; nocase; http.host; content:"185.186.26.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595011/; classtype:trojan-activity;sid:84458111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.252.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595010/; classtype:trojan-activity;sid:84458110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.ppc64le"; depth:18; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595009/; classtype:trojan-activity;sid:84458109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.mips"; depth:15; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595006/; classtype:trojan-activity;sid:84458106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.ppc64"; depth:16; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595007/; classtype:trojan-activity;sid:84458107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.386"; depth:14; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595008/; classtype:trojan-activity;sid:84458108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.arm64"; depth:16; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595005/; classtype:trojan-activity;sid:84458105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.arm"; depth:14; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595000/; classtype:trojan-activity;sid:84458100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.amd64"; depth:16; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595001/; classtype:trojan-activity;sid:84458101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.mips64"; depth:17; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595002/; classtype:trojan-activity;sid:84458102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.mips64le"; depth:19; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595003/; classtype:trojan-activity;sid:84458103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.loong64"; depth:18; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595004/; classtype:trojan-activity;sid:84458104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.s390x"; depth:16; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594999/; classtype:trojan-activity;sid:84458099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.mipsle"; depth:17; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594997/; classtype:trojan-activity;sid:84458097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dori.riscv64"; depth:18; endswith; nocase; http.host; content:"dori8501.ddns.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594998/; classtype:trojan-activity;sid:84458098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.89.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594996/; classtype:trojan-activity;sid:84458096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.m68k"; depth:18; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594995/; classtype:trojan-activity;sid:84458095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm6"; depth:18; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594994/; classtype:trojan-activity;sid:84458094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.ppc"; depth:17; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594993/; classtype:trojan-activity;sid:84458093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm7"; depth:18; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594985/; classtype:trojan-activity;sid:84458085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.x86_64"; depth:20; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594986/; classtype:trojan-activity;sid:84458086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm5"; depth:18; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594987/; classtype:trojan-activity;sid:84458087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.spc"; depth:17; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594988/; classtype:trojan-activity;sid:84458088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.sh4"; depth:17; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594989/; classtype:trojan-activity;sid:84458089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm"; depth:17; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594990/; classtype:trojan-activity;sid:84458090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mips"; depth:18; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594991/; classtype:trojan-activity;sid:84458091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.x86"; depth:17; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594992/; classtype:trojan-activity;sid:84458092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594982/; classtype:trojan-activity;sid:84458082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mpsl"; depth:18; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594983/; classtype:trojan-activity;sid:84458083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594984/; classtype:trojan-activity;sid:84458084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"www.196-251-114-105.plesk.page"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594981/; classtype:trojan-activity;sid:84458081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_3ba4219403ad4c2589f513de8b04e8df.txt"; depth:45; endswith; nocase; http.host; content:"copydocuments.ct.ws"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594980/; classtype:trojan-activity;sid:84458080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.25.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594979/; classtype:trojan-activity;sid:84458079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/msi_20250801/msi.png"; depth:30; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594977/; classtype:trojan-activity;sid:84458077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_9a6f7defb64f46529e52820d0211fca7.txt"; depth:45; endswith; nocase; http.host; content:"copydocuments.ct.ws"; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594978/; classtype:trojan-activity;sid:84458078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.80.23"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594976/; classtype:trojan-activity;sid:84458076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ep9ts2/httpgd"; depth:14; endswith; nocase; http.host; content:"matrix.masscan.cloud"; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594975/; classtype:trojan-activity;sid:84458075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594974/; classtype:trojan-activity;sid:84458074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; depth:70; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594965/; classtype:trojan-activity;sid:84458065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; depth:70; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594966/; classtype:trojan-activity;sid:84458066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594967/; classtype:trojan-activity;sid:84458067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594968/; classtype:trojan-activity;sid:84458068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; depth:70; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594969/; classtype:trojan-activity;sid:84458069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594970/; classtype:trojan-activity;sid:84458070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594971/; classtype:trojan-activity;sid:84458071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594972/; classtype:trojan-activity;sid:84458072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; depth:71; endswith; nocase; http.host; content:"45.153.34.39"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594973/; classtype:trojan-activity;sid:84458073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ep9ts2/httpgd"; depth:14; endswith; nocase; http.host; content:"104.164.55.217"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594964/; classtype:trojan-activity;sid:84458064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1387079731/1wbvzkk.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594963/; classtype:trojan-activity;sid:84458063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/sh4"; depth:9; endswith; nocase; http.host; content:"burger042.ddnsfree.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594961/; classtype:trojan-activity;sid:84458061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssa/t1.png"; depth:12; endswith; nocase; http.host; content:"isiore.com.co"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.jpg/.a.mp3"; depth:12; endswith; nocase; http.host; content:"azurlogistics.net"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594960/; classtype:trojan-activity;sid:84458060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7251572078/amyjmsi.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594959/; classtype:trojan-activity;sid:84458059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1346363761/3bfmvgw.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594954/; classtype:trojan-activity;sid:84458054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7425234736/vg3h2cu.exe"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594955/; classtype:trojan-activity;sid:84458055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6482739089/ptlfnlh.msi"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594956/; classtype:trojan-activity;sid:84458056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/15786589/ugrs0pm.exe"; depth:27; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594957/; classtype:trojan-activity;sid:84458057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1346363761/hmpow1i.bat"; depth:29; endswith; nocase; http.host; content:"45.141.233.196"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594958/; classtype:trojan-activity;sid:84458058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/sh4"; depth:9; endswith; nocase; http.host; content:"196.251.114.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594952/; classtype:trojan-activity;sid:84458052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/x86"; depth:9; endswith; nocase; http.host; content:"196.251.114.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594953/; classtype:trojan-activity;sid:84458053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/ppc"; depth:9; endswith; nocase; http.host; content:"196.251.114.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594946/; classtype:trojan-activity;sid:84458046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"89.116.186.151"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594947/; classtype:trojan-activity;sid:84458047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arc"; depth:17; endswith; nocase; http.host; content:"196.251.114.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594948/; classtype:trojan-activity;sid:84458048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/m68k"; depth:10; endswith; nocase; http.host; content:"196.251.114.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594949/; classtype:trojan-activity;sid:84458049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/89/spc"; depth:9; endswith; nocase; http.host; content:"196.251.114.66"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594950/; classtype:trojan-activity;sid:84458050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.arm"; depth:17; endswith; nocase; http.host; content:"196.251.114.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594951/; classtype:trojan-activity;sid:84458051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdw35f2.mips"; depth:18; endswith; nocase; http.host; content:"196.251.114.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594945/; classtype:trojan-activity;sid:84458045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugurlutaha6116/zgfe7567ghhv12gbchop/raw/refs/heads/main/pm3107.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594944/; classtype:trojan-activity;sid:84458044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.58.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594943/; classtype:trojan-activity;sid:84458043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.209.240"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594941/; classtype:trojan-activity;sid:84458041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dori.sh"; depth:8; endswith; nocase; http.host; content:"dori8585.global.ssl.fastly.net"; depth:30; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594939/; classtype:trojan-activity;sid:84458039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594940/; classtype:trojan-activity;sid:84458040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594938/; classtype:trojan-activity;sid:84458038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/project/cursinqload"; depth:20; endswith; nocase; http.host; content:"62.60.248.91"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594936/; classtype:trojan-activity;sid:84458036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594937/; classtype:trojan-activity;sid:84458037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594933/; classtype:trojan-activity;sid:84458033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594934/; classtype:trojan-activity;sid:84458034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594935/; classtype:trojan-activity;sid:84458035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.130.168"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594931/; classtype:trojan-activity;sid:84458031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.89.8"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594932/; classtype:trojan-activity;sid:84458032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.25.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594930/; classtype:trojan-activity;sid:84458030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.15.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594929/; classtype:trojan-activity;sid:84458029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.15.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594928/; classtype:trojan-activity;sid:84458028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.93.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594927/; classtype:trojan-activity;sid:84458027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.88.35"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594926/; classtype:trojan-activity;sid:84458026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.150.187"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594925/; classtype:trojan-activity;sid:84458025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.171.177.193"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594924/; classtype:trojan-activity;sid:84458024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.218.244.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594923/; classtype:trojan-activity;sid:84458023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.147.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594922/; classtype:trojan-activity;sid:84458022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.252.50"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594921/; classtype:trojan-activity;sid:84458021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.3"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594920/; classtype:trojan-activity;sid:84458020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.147.229"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594919/; classtype:trojan-activity;sid:84458019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.179.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594918/; classtype:trojan-activity;sid:84458018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594916/; classtype:trojan-activity;sid:84458016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594917/; classtype:trojan-activity;sid:84458017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594911/; classtype:trojan-activity;sid:84458011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594912/; classtype:trojan-activity;sid:84458012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594913/; classtype:trojan-activity;sid:84458013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594914/; classtype:trojan-activity;sid:84458014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.20.102.84"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594915/; classtype:trojan-activity;sid:84458015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.235.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594910/; classtype:trojan-activity;sid:84458010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.105"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594909/; classtype:trojan-activity;sid:84458009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.193.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594908/; classtype:trojan-activity;sid:84458008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.80.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594907/; classtype:trojan-activity;sid:84458007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.93.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594906/; classtype:trojan-activity;sid:84458006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.80.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594905/; classtype:trojan-activity;sid:84458005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594904/; classtype:trojan-activity;sid:84458004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.96.70"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594903/; classtype:trojan-activity;sid:84458003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.80.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594902/; classtype:trojan-activity;sid:84458002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.248"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594901/; classtype:trojan-activity;sid:84458001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.173.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594900/; classtype:trojan-activity;sid:84458000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.240.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594899/; classtype:trojan-activity;sid:84457999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.130.155"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594896/; classtype:trojan-activity;sid:84457996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.118.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594897/; classtype:trojan-activity;sid:84457997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.mpsl"; depth:26; endswith; nocase; http.host; content:"167.99.79.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594898/; classtype:trojan-activity;sid:84457998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594895/; classtype:trojan-activity;sid:84457995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.80.50"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594894/; classtype:trojan-activity;sid:84457994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.9.195"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594893/; classtype:trojan-activity;sid:84457993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.9.195"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594892/; classtype:trojan-activity;sid:84457992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594891/; classtype:trojan-activity;sid:84457991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.92.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594890/; classtype:trojan-activity;sid:84457990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.96.70"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594889/; classtype:trojan-activity;sid:84457989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.92.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594888/; classtype:trojan-activity;sid:84457988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594887/; classtype:trojan-activity;sid:84457987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.56.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594886/; classtype:trojan-activity;sid:84457986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.55"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594885/; classtype:trojan-activity;sid:84457985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.56.12"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594884/; classtype:trojan-activity;sid:84457984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.28.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594883/; classtype:trojan-activity;sid:84457983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594882/; classtype:trojan-activity;sid:84457982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.218.244.65"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594881/; classtype:trojan-activity;sid:84457981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.216.239.163"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594880/; classtype:trojan-activity;sid:84457980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.59.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594879/; classtype:trojan-activity;sid:84457979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594878/; classtype:trojan-activity;sid:84457978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.60"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594877/; classtype:trojan-activity;sid:84457977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.160"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594876/; classtype:trojan-activity;sid:84457976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.70.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594875/; classtype:trojan-activity;sid:84457975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.156"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594874/; classtype:trojan-activity;sid:84457974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.67.26.111"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594873/; classtype:trojan-activity;sid:84457973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.212.143"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594872/; classtype:trojan-activity;sid:84457972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.32"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594871/; classtype:trojan-activity;sid:84457971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.43.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594870/; classtype:trojan-activity;sid:84457970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.228.62"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594869/; classtype:trojan-activity;sid:84457969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.169.32"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594868/; classtype:trojan-activity;sid:84457968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.70.159"; depth:13;