################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2021-01-23 14:39:04 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.200.9"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975250/; classtype:trojan-activity;sid:81838350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"216.24.92.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975249/; classtype:trojan-activity;sid:81838349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.242.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975248/; classtype:trojan-activity;sid:81838348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.112.204.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975247/; classtype:trojan-activity;sid:81838347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.19.42"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975246/; classtype:trojan-activity;sid:81838346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975245/; classtype:trojan-activity;sid:81838345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.123.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975244/; classtype:trojan-activity;sid:81838344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.145.89"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975243/; classtype:trojan-activity;sid:81838343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.153.162"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975241/; classtype:trojan-activity;sid:81838341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.47.17"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975242/; classtype:trojan-activity;sid:81838342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.17.39"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975240/; classtype:trojan-activity;sid:81838340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.255.180"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975238/; classtype:trojan-activity;sid:81838338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.137"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975239/; classtype:trojan-activity;sid:81838339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.8.10"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975237/; classtype:trojan-activity;sid:81838337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.30.197.58"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975236/; classtype:trojan-activity;sid:81838336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975235/; classtype:trojan-activity;sid:81838335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975234/; classtype:trojan-activity;sid:81838334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.122.129"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975233/; classtype:trojan-activity;sid:81838333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.180.18"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975232/; classtype:trojan-activity;sid:81838332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.26.87"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975231/; classtype:trojan-activity;sid:81838331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.199.56.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975230/; classtype:trojan-activity;sid:81838330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.210.45"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975229/; classtype:trojan-activity;sid:81838329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.60.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975228/; classtype:trojan-activity;sid:81838328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.66.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975224/; classtype:trojan-activity;sid:81838324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.125.21.203"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975221/; classtype:trojan-activity;sid:81838321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.101.142"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975222/; classtype:trojan-activity;sid:81838322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.182.165"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975220/; classtype:trojan-activity;sid:81838320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.133.100.238"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975223/; classtype:trojan-activity;sid:81838323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.178.202.229"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975219/; classtype:trojan-activity;sid:81838319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.106.208"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975218/; classtype:trojan-activity;sid:81838318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975217/; classtype:trojan-activity;sid:81838317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975214/; classtype:trojan-activity;sid:81838314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975216/; classtype:trojan-activity;sid:81838316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975213/; classtype:trojan-activity;sid:81838313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975215/; classtype:trojan-activity;sid:81838315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975212/; classtype:trojan-activity;sid:81838312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975210/; classtype:trojan-activity;sid:81838310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975211/; classtype:trojan-activity;sid:81838311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.18.232"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975209/; classtype:trojan-activity;sid:81838309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.63.55"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975207/; classtype:trojan-activity;sid:81838307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.173.137"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975206/; classtype:trojan-activity;sid:81838306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.13.69"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975205/; classtype:trojan-activity;sid:81838305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.41.189.200"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975204/; classtype:trojan-activity;sid:81838304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"218.59.20.144"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975202/; classtype:trojan-activity;sid:81838302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.180.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975201/; classtype:trojan-activity;sid:81838301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.201.43"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975200/; classtype:trojan-activity;sid:81838300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.201.43"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975198/; classtype:trojan-activity;sid:81838298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.200.164"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975197/; classtype:trojan-activity;sid:81838297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.135"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975196/; classtype:trojan-activity;sid:81838296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.251.56.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975195/; classtype:trojan-activity;sid:81838295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.226.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975194/; classtype:trojan-activity;sid:81838294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.64.210.101"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975193/; classtype:trojan-activity;sid:81838293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.142.140"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975190/; classtype:trojan-activity;sid:81838290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.151.241"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975192/; classtype:trojan-activity;sid:81838292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.173.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975189/; classtype:trojan-activity;sid:81838289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.6.254"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975191/; classtype:trojan-activity;sid:81838291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"172.245.180.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975188/; classtype:trojan-activity;sid:81838288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.211.155.119"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975187/; classtype:trojan-activity;sid:81838287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.37.13"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975186/; classtype:trojan-activity;sid:81838286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.181.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975185/; classtype:trojan-activity;sid:81838285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.212.19"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975184/; classtype:trojan-activity;sid:81838284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.242.208.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975183/; classtype:trojan-activity;sid:81838283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.174.246"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975182/; classtype:trojan-activity;sid:81838282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.171.68"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975181/; classtype:trojan-activity;sid:81838281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.44.129"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975179/; classtype:trojan-activity;sid:81838279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.234.228.85"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975177/; classtype:trojan-activity;sid:81838277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.40.228.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975175/; classtype:trojan-activity;sid:81838275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.61.100.210"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975176/; classtype:trojan-activity;sid:81838276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.164.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975174/; classtype:trojan-activity;sid:81838274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.128.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975173/; classtype:trojan-activity;sid:81838273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.116"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975172/; classtype:trojan-activity;sid:81838272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.118.104.23"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975164/; classtype:trojan-activity;sid:81838264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.113.204.12"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975163/; classtype:trojan-activity;sid:81838263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.20.3.66"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975162/; classtype:trojan-activity;sid:81838262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.216.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975159/; classtype:trojan-activity;sid:81838259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.66.202"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975160/; classtype:trojan-activity;sid:81838260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.181.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975158/; classtype:trojan-activity;sid:81838258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.232.73.46"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975157/; classtype:trojan-activity;sid:81838257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.120.16.160"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975154/; classtype:trojan-activity;sid:81838254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.168.113"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975155/; classtype:trojan-activity;sid:81838255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.62.196.178"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975153/; classtype:trojan-activity;sid:81838253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975152/; classtype:trojan-activity;sid:81838252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.64.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975151/; classtype:trojan-activity;sid:81838251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.24.110.89"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975149/; classtype:trojan-activity;sid:81838249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.248.227.181"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975148/; classtype:trojan-activity;sid:81838248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.255.89"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975150/; classtype:trojan-activity;sid:81838250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.180.211"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975147/; classtype:trojan-activity;sid:81838247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.178.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975146/; classtype:trojan-activity;sid:81838246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.168.249.52"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975145/; classtype:trojan-activity;sid:81838245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.201.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975144/; classtype:trojan-activity;sid:81838244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.160.216"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975142/; classtype:trojan-activity;sid:81838242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.27.5"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975141/; classtype:trojan-activity;sid:81838241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.175.100.42"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975139/; classtype:trojan-activity;sid:81838239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.200.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975138/; classtype:trojan-activity;sid:81838238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.201.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975136/; classtype:trojan-activity;sid:81838236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.187.154.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975135/; classtype:trojan-activity;sid:81838235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.161.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975133/; classtype:trojan-activity;sid:81838233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.153.143.113"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975134/; classtype:trojan-activity;sid:81838234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.165"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975130/; classtype:trojan-activity;sid:81838230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.2.52.53"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975129/; classtype:trojan-activity;sid:81838229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.82.99.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975128/; classtype:trojan-activity;sid:81838228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.216.184"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975127/; classtype:trojan-activity;sid:81838227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.47.235"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975125/; classtype:trojan-activity;sid:81838225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.30.110.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975124/; classtype:trojan-activity;sid:81838224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.210.252"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975123/; classtype:trojan-activity;sid:81838223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.45.130.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975122/; classtype:trojan-activity;sid:81838222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/7yddvdty5qrfk6tjbhg0erasnnfvsofnnp34rsmlok9gdiokduofcfoqo5ylqkpsm/"; depth:78; endswith; nocase; http.host; content:"dmarketics.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975121/; classtype:trojan-activity;sid:81838221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.16.237.27"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975119/; classtype:trojan-activity;sid:81838219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.37.123"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975118/; classtype:trojan-activity;sid:81838218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.25.183.25"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975114/; classtype:trojan-activity;sid:81838214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.125.74.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975116/; classtype:trojan-activity;sid:81838216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.95.91"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975115/; classtype:trojan-activity;sid:81838215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.arm"; depth:19; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975110/; classtype:trojan-activity;sid:81838210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.m68k"; depth:20; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975107/; classtype:trojan-activity;sid:81838207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.mpsl"; depth:20; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975106/; classtype:trojan-activity;sid:81838206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.x86"; depth:19; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975109/; classtype:trojan-activity;sid:81838209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.arm5"; depth:20; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975102/; classtype:trojan-activity;sid:81838202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.arm7"; depth:20; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975103/; classtype:trojan-activity;sid:81838203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.ppc"; depth:19; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975105/; classtype:trojan-activity;sid:81838205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkorea/pornhub.sh4"; depth:19; endswith; nocase; http.host; content:"185.132.53.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975104/; classtype:trojan-activity;sid:81838204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.spc"; depth:9; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975101/; classtype:trojan-activity;sid:81838201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.173.192"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975099/; classtype:trojan-activity;sid:81838199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.157.154"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975097/; classtype:trojan-activity;sid:81838197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gonu.exe"; depth:9; endswith; nocase; http.host; content:"91.212.150.200"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975095/; classtype:trojan-activity;sid:81838195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/7yddvdty5qrfk6tjbhg0erasnnfvsofnnp34rsmlok9gdiokduofcfoqo5ylqkpsm/"; depth:78; endswith; nocase; http.host; content:"dmarketics.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975092/; classtype:trojan-activity;sid:81838192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.246.176.202"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975091/; classtype:trojan-activity;sid:81838191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.52.230"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975090/; classtype:trojan-activity;sid:81838190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.7.202"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975089/; classtype:trojan-activity;sid:81838189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975087/; classtype:trojan-activity;sid:81838187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.182.255"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975088/; classtype:trojan-activity;sid:81838188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.13.66"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975084/; classtype:trojan-activity;sid:81838184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.219.82"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975085/; classtype:trojan-activity;sid:81838185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.125.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975080/; classtype:trojan-activity;sid:81838180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.7.189.60"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975079/; classtype:trojan-activity;sid:81838179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.119.47.136"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975078/; classtype:trojan-activity;sid:81838178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"187.103.81.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975077/; classtype:trojan-activity;sid:81838177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.20"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975076/; classtype:trojan-activity;sid:81838176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.246.176.202"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975074/; classtype:trojan-activity;sid:81838174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.111.194.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975073/; classtype:trojan-activity;sid:81838173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm"; depth:9; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975067/; classtype:trojan-activity;sid:81838167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975065/; classtype:trojan-activity;sid:81838165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm6"; depth:10; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975066/; classtype:trojan-activity;sid:81838166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm7"; depth:10; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975064/; classtype:trojan-activity;sid:81838164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975071/; classtype:trojan-activity;sid:81838171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; depth:10; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975070/; classtype:trojan-activity;sid:81838170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975062/; classtype:trojan-activity;sid:81838162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975063/; classtype:trojan-activity;sid:81838163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975069/; classtype:trojan-activity;sid:81838169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"107.175.69.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975068/; classtype:trojan-activity;sid:81838168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.210.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975061/; classtype:trojan-activity;sid:81838161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.95.109"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975060/; classtype:trojan-activity;sid:81838160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.180.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975057/; classtype:trojan-activity;sid:81838157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.0.83.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975052/; classtype:trojan-activity;sid:81838152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.239.22"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975050/; classtype:trojan-activity;sid:81838150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.235.178.184"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975051/; classtype:trojan-activity;sid:81838151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.94.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975049/; classtype:trojan-activity;sid:81838149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.5.241"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975047/; classtype:trojan-activity;sid:81838147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.83.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975048/; classtype:trojan-activity;sid:81838148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.67.35.62"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975045/; classtype:trojan-activity;sid:81838145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.14.233"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975046/; classtype:trojan-activity;sid:81838146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.122.112.91"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975041/; classtype:trojan-activity;sid:81838141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.122.112.69"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975042/; classtype:trojan-activity;sid:81838142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.140.131.14"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975040/; classtype:trojan-activity;sid:81838140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.240.22"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975039/; classtype:trojan-activity;sid:81838139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.155.127"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975038/; classtype:trojan-activity;sid:81838138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.18.132"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975035/; classtype:trojan-activity;sid:81838135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.196.219"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975032/; classtype:trojan-activity;sid:81838132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.41.49"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975033/; classtype:trojan-activity;sid:81838133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.61.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975031/; classtype:trojan-activity;sid:81838131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.18.132"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975028/; classtype:trojan-activity;sid:81838128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.119.159"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975027/; classtype:trojan-activity;sid:81838127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.162.207"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975026/; classtype:trojan-activity;sid:81838126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.179.148"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975023/; classtype:trojan-activity;sid:81838123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.248.146.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975025/; classtype:trojan-activity;sid:81838125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.199.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975021/; classtype:trojan-activity;sid:81838121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.1.173"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975019/; classtype:trojan-activity;sid:81838119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.185.178"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975018/; classtype:trojan-activity;sid:81838118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.124.125"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975017/; classtype:trojan-activity;sid:81838117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.58.171.66"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975016/; classtype:trojan-activity;sid:81838116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.193.92"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975014/; classtype:trojan-activity;sid:81838114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.103.57.9"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975013/; classtype:trojan-activity;sid:81838113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"147.219.24.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975010/; classtype:trojan-activity;sid:81838110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.191.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975009/; classtype:trojan-activity;sid:81838109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.58.171.66"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975007/; classtype:trojan-activity;sid:81838107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.172.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975006/; classtype:trojan-activity;sid:81838106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.245.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975004/; classtype:trojan-activity;sid:81838104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.235.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975005/; classtype:trojan-activity;sid:81838105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.152.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975003/; classtype:trojan-activity;sid:81838103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.135.87"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975002/; classtype:trojan-activity;sid:81838102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.126.68.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975001/; classtype:trojan-activity;sid:81838101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974999/; classtype:trojan-activity;sid:81838099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (975000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.148.141"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/975000/; classtype:trojan-activity;sid:81838100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.66.195"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974998/; classtype:trojan-activity;sid:81838098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.178.217.198"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974996/; classtype:trojan-activity;sid:81838096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.109.83"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974993/; classtype:trojan-activity;sid:81838093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.75.39.141"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974995/; classtype:trojan-activity;sid:81838095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.130.101.214"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974992/; classtype:trojan-activity;sid:81838092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.126.68.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974991/; classtype:trojan-activity;sid:81838091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.44.225.5"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974989/; classtype:trojan-activity;sid:81838089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.17.145.142"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974986/; classtype:trojan-activity;sid:81838086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.235.35.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974985/; classtype:trojan-activity;sid:81838085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.130.75"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974983/; classtype:trojan-activity;sid:81838083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974984/; classtype:trojan-activity;sid:81838084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.1.106"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974982/; classtype:trojan-activity;sid:81838082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.137.140"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974980/; classtype:trojan-activity;sid:81838080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.164.189"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974979/; classtype:trojan-activity;sid:81838079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.186.95"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974978/; classtype:trojan-activity;sid:81838078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.167.196.160"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974976/; classtype:trojan-activity;sid:81838076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.78.32"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974972/; classtype:trojan-activity;sid:81838072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.167.196.160"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974971/; classtype:trojan-activity;sid:81838071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.53.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974970/; classtype:trojan-activity;sid:81838070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.67.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974968/; classtype:trojan-activity;sid:81838068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.239.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974965/; classtype:trojan-activity;sid:81838065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.86.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974964/; classtype:trojan-activity;sid:81838064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.123.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974963/; classtype:trojan-activity;sid:81838063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.173.53"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974946/; classtype:trojan-activity;sid:81838046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.231.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974945/; classtype:trojan-activity;sid:81838045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.211.245.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974942/; classtype:trojan-activity;sid:81838042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.167.196.160"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974943/; classtype:trojan-activity;sid:81838043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.123.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974941/; classtype:trojan-activity;sid:81838041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.9.118"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974939/; classtype:trojan-activity;sid:81838039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.40"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974937/; classtype:trojan-activity;sid:81838037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974936/; classtype:trojan-activity;sid:81838036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.130.40.162"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974934/; classtype:trojan-activity;sid:81838034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.195.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974923/; classtype:trojan-activity;sid:81838023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.169.239"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974922/; classtype:trojan-activity;sid:81838022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.133.244"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974920/; classtype:trojan-activity;sid:81838020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.107.133.186"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974918/; classtype:trojan-activity;sid:81838018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.135.146"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974916/; classtype:trojan-activity;sid:81838016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.172.199.70"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974917/; classtype:trojan-activity;sid:81838017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.216.66"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974915/; classtype:trojan-activity;sid:81838015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.203.166"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974913/; classtype:trojan-activity;sid:81838013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.37.170.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974914/; classtype:trojan-activity;sid:81838014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.52.49.20"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974912/; classtype:trojan-activity;sid:81838012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.131.172.33"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974908/; classtype:trojan-activity;sid:81838008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.87.103"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974910/; classtype:trojan-activity;sid:81838010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974907/; classtype:trojan-activity;sid:81838007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old-plymouth-ygsce/u39hpcoabrhnh4o9ecq6c7gzmi4xdsvlz75ypvifjg86adjmq713yga05ry0oa55h/"; depth:86; endswith; nocase; http.host; content:"fab5enterprises.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974903/; classtype:trojan-activity;sid:81838003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.252.178.68"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974899/; classtype:trojan-activity;sid:81837999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.36.130.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974898/; classtype:trojan-activity;sid:81837998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.237.18"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974897/; classtype:trojan-activity;sid:81837997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.183.40"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974893/; classtype:trojan-activity;sid:81837993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.173.205"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974890/; classtype:trojan-activity;sid:81837990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.173.86"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974889/; classtype:trojan-activity;sid:81837989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.93.30"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974888/; classtype:trojan-activity;sid:81837988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.128.86"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974884/; classtype:trojan-activity;sid:81837984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.9.38.174"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974887/; classtype:trojan-activity;sid:81837987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.117.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974886/; classtype:trojan-activity;sid:81837986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.91.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974883/; classtype:trojan-activity;sid:81837983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.200.25"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974867/; classtype:trojan-activity;sid:81837967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.47.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974866/; classtype:trojan-activity;sid:81837966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.22.254"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974865/; classtype:trojan-activity;sid:81837965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.73.152.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974862/; classtype:trojan-activity;sid:81837962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.79.161.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974863/; classtype:trojan-activity;sid:81837963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.69.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974864/; classtype:trojan-activity;sid:81837964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.133.168"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974861/; classtype:trojan-activity;sid:81837961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.150.113.35"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974859/; classtype:trojan-activity;sid:81837959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.26.209.230"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974858/; classtype:trojan-activity;sid:81837958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.147.185"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974854/; classtype:trojan-activity;sid:81837954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"216.24.77.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974855/; classtype:trojan-activity;sid:81837955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.167.56"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974856/; classtype:trojan-activity;sid:81837956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.238.211"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974852/; classtype:trojan-activity;sid:81837952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.232.241.176"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974847/; classtype:trojan-activity;sid:81837947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.75.140"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974846/; classtype:trojan-activity;sid:81837946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.91.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974850/; classtype:trojan-activity;sid:81837950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.172.28.36"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974845/; classtype:trojan-activity;sid:81837945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.83.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974840/; classtype:trojan-activity;sid:81837940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.30.1.159"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974839/; classtype:trojan-activity;sid:81837939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.174.60.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974838/; classtype:trojan-activity;sid:81837938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nonobins.sh"; depth:12; endswith; nocase; http.host; content:"149.3.170.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974835/; classtype:trojan-activity;sid:81837935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.229"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974834/; classtype:trojan-activity;sid:81837934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.172.28.36"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974832/; classtype:trojan-activity;sid:81837932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.177.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974831/; classtype:trojan-activity;sid:81837931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.17.221"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974830/; classtype:trojan-activity;sid:81837930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.172.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974828/; classtype:trojan-activity;sid:81837928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.125.77"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974829/; classtype:trojan-activity;sid:81837929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.117.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974823/; classtype:trojan-activity;sid:81837923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.12.52.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974824/; classtype:trojan-activity;sid:81837924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.226.213"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974826/; classtype:trojan-activity;sid:81837926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.79.73.123"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974825/; classtype:trojan-activity;sid:81837925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.202.164"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974821/; classtype:trojan-activity;sid:81837921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.40.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974822/; classtype:trojan-activity;sid:81837922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.173.156"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974818/; classtype:trojan-activity;sid:81837918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.138.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974817/; classtype:trojan-activity;sid:81837917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.204"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974816/; classtype:trojan-activity;sid:81837916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.30.1.179"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974812/; classtype:trojan-activity;sid:81837912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.76.41"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974814/; classtype:trojan-activity;sid:81837914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.208.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974811/; classtype:trojan-activity;sid:81837911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.123.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974810/; classtype:trojan-activity;sid:81837910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python-code-zwz62/gbp0oxk1yggv/"; depth:32; endswith; nocase; http.host; content:"khoahoctiengnhat.ngoaingufpt.edu.vn"; depth:35; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974808/; classtype:trojan-activity;sid:81837908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/jsj2acvylslkf4wvvscr1zbd2ayudnt6dczyrzhtsq9vv/"; depth:56; endswith; nocase; http.host; content:"naturesperfectproducts.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974807/; classtype:trojan-activity;sid:81837907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tronxy-x3-aqzab/yrp5hfnqozkrbdtloxnuunppfprcqhqjmt7z/"; depth:54; endswith; nocase; http.host; content:"canvaparanegocios.net"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974805/; classtype:trojan-activity;sid:81837905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/lmmnoplcazaciozbjvdbf8p2dnzofcswgbc217wkvpaxpxa/"; depth:61; endswith; nocase; http.host; content:"new.pagin.sk"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974804/; classtype:trojan-activity;sid:81837904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/isxwzg2gyig1ftqwm1zbozhhrs5fpyfdlcmo9rj1cltducpw4vri9/"; depth:63; endswith; nocase; http.host; content:"yadaria21.had.su"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974803/; classtype:trojan-activity;sid:81837903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.177.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974801/; classtype:trojan-activity;sid:81837901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.247.43"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974799/; classtype:trojan-activity;sid:81837899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.179.58"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974797/; classtype:trojan-activity;sid:81837897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.180.162.248"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974796/; classtype:trojan-activity;sid:81837896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.83.170"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974795/; classtype:trojan-activity;sid:81837895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"143.255.128.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974792/; classtype:trojan-activity;sid:81837892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackau/data/hip.exe"; depth:20; endswith; nocase; http.host; content:"hiptool.net"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974790/; classtype:trojan-activity;sid:81837890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.18.112.48"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974785/; classtype:trojan-activity;sid:81837885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.18.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974781/; classtype:trojan-activity;sid:81837881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.178.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974782/; classtype:trojan-activity;sid:81837882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.194.141.232"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974778/; classtype:trojan-activity;sid:81837878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.227.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974777/; classtype:trojan-activity;sid:81837877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.227.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974776/; classtype:trojan-activity;sid:81837876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.132.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974775/; classtype:trojan-activity;sid:81837875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.42.45"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974774/; classtype:trojan-activity;sid:81837874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.190.34.173"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974773/; classtype:trojan-activity;sid:81837873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.101.182"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974771/; classtype:trojan-activity;sid:81837871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.178.62"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974772/; classtype:trojan-activity;sid:81837872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.173.15"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974769/; classtype:trojan-activity;sid:81837869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.132.119"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974767/; classtype:trojan-activity;sid:81837867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.144.195"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974766/; classtype:trojan-activity;sid:81837866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.209.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974764/; classtype:trojan-activity;sid:81837864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974765/; classtype:trojan-activity;sid:81837865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.47.91.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974760/; classtype:trojan-activity;sid:81837860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974755/; classtype:trojan-activity;sid:81837855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.73.167"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974757/; classtype:trojan-activity;sid:81837857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.10.96"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974751/; classtype:trojan-activity;sid:81837851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.104.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974750/; classtype:trojan-activity;sid:81837850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.198.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974749/; classtype:trojan-activity;sid:81837849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.10.129.116"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974746/; classtype:trojan-activity;sid:81837846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.202.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974743/; classtype:trojan-activity;sid:81837843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.84.241.244"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974742/; classtype:trojan-activity;sid:81837842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.164.184.129"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974740/; classtype:trojan-activity;sid:81837840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.252.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974741/; classtype:trojan-activity;sid:81837841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.113.161.117"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974738/; classtype:trojan-activity;sid:81837838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/b2sbkgll2w7cf0bojdqcn2dyc9c6ry58ezc/"; depth:46; endswith; nocase; http.host; content:"www.iqamglobal.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974737/; classtype:trojan-activity;sid:81837837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/l9ruxycwnzfbx2ndmz9fr7b/"; depth:34; endswith; nocase; http.host; content:"www.architect.co.jp"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974736/; classtype:trojan-activity;sid:81837836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/bvkzw0wixqrhcukq3863yvdaf2bisfgwbmmk27shu8j35h1urmf/"; depth:64; endswith; nocase; http.host; content:"janakivideoslive.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974735/; classtype:trojan-activity;sid:81837835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de.letscompareonline.com/wyd/"; depth:30; endswith; nocase; http.host; content:"letscompareonline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974732/; classtype:trojan-activity;sid:81837832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1997-chevy-aiz00/rfrte68/"; depth:26; endswith; nocase; http.host; content:"iebest.online"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974730/; classtype:trojan-activity;sid:81837830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.104.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974728/; classtype:trojan-activity;sid:81837828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.177.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974725/; classtype:trojan-activity;sid:81837825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.110.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974724/; classtype:trojan-activity;sid:81837824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"191.243.187.78"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974723/; classtype:trojan-activity;sid:81837823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.46.80"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974721/; classtype:trojan-activity;sid:81837821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.61.67.140"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974722/; classtype:trojan-activity;sid:81837822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.198.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974720/; classtype:trojan-activity;sid:81837820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.10.129.116"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974719/; classtype:trojan-activity;sid:81837819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.28.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974718/; classtype:trojan-activity;sid:81837818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.9.194.190"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974717/; classtype:trojan-activity;sid:81837817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.187.248.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974716/; classtype:trojan-activity;sid:81837816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.4.157.34"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974712/; classtype:trojan-activity;sid:81837812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.53.246.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974714/; classtype:trojan-activity;sid:81837814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.109.243"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974711/; classtype:trojan-activity;sid:81837811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.131.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974710/; classtype:trojan-activity;sid:81837810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.110.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974709/; classtype:trojan-activity;sid:81837809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.208.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974708/; classtype:trojan-activity;sid:81837808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.160.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974703/; classtype:trojan-activity;sid:81837803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.96.138"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974704/; classtype:trojan-activity;sid:81837804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.194.92.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974691/; classtype:trojan-activity;sid:81837791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.15.90.93"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974686/; classtype:trojan-activity;sid:81837786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.21.145"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974683/; classtype:trojan-activity;sid:81837783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.133.68.89"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974684/; classtype:trojan-activity;sid:81837784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.174.51"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974682/; classtype:trojan-activity;sid:81837782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.34.179.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974681/; classtype:trojan-activity;sid:81837781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.211.130"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974679/; classtype:trojan-activity;sid:81837779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.246.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974678/; classtype:trojan-activity;sid:81837778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.215.115"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974674/; classtype:trojan-activity;sid:81837774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.53.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974675/; classtype:trojan-activity;sid:81837775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.93.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974671/; classtype:trojan-activity;sid:81837771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.179.216.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974670/; classtype:trojan-activity;sid:81837770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.105.250.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974669/; classtype:trojan-activity;sid:81837769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974668/; classtype:trojan-activity;sid:81837768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.85"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974667/; classtype:trojan-activity;sid:81837767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.73.152.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974666/; classtype:trojan-activity;sid:81837766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/1ldw4fktzvqppmclgg5nufspo0k5zgwlznlyzz43pywdbaznjd0xxkzwyti/"; depth:73; endswith; nocase; http.host; content:"testweb.norwexonlineshop.my"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974663/; classtype:trojan-activity;sid:81837763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tronxy-x3-aqzab/yrp5hfnqozkrbdtloxnuunppfprcqhqjmt7z/"; depth:54; endswith; nocase; http.host; content:"canvaparanegocios.net"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974662/; classtype:trojan-activity;sid:81837762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/rkibwmikhanfvqrthvijybcqsepi6zvgwq7ubjkpjeinbqyyt3mlhkenhhtsqp6/"; depth:76; endswith; nocase; http.host; content:"ngoctugroup.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974660/; classtype:trojan-activity;sid:81837760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r/f7zjo3e3dvffsxdoop0n4xsimhnpdtr8ipzlobeny/"; depth:45; endswith; nocase; http.host; content:"www.aldawliatires.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974659/; classtype:trojan-activity;sid:81837759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/gwgguqfrxrgydvqjruoatrhszoxb8/"; depth:37; endswith; nocase; http.host; content:"www.socristo.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974655/; classtype:trojan-activity;sid:81837755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toad-for-gdyb4/4od0hogwmrneuw1l6/"; depth:34; endswith; nocase; http.host; content:"rodrigoresende.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974653/; classtype:trojan-activity;sid:81837753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/y5i5cbrkovrr3huh8d27xtaasc3/"; depth:31; endswith; nocase; http.host; content:"www.bangalorestrokesupport.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974654/; classtype:trojan-activity;sid:81837754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/jsj2acvylslkf4wvvscr1zbd2ayudnt6dczyrzhtsq9vv/"; depth:56; endswith; nocase; http.host; content:"www.naturesperfectproducts.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974650/; classtype:trojan-activity;sid:81837750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vw-passat-itagt/ebatqvvp2wlmicv0fg5qqeijlzfdxf/"; depth:48; endswith; nocase; http.host; content:"diaspocare.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974651/; classtype:trojan-activity;sid:81837751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tracfone-unlimited-ctzsw/rlnjzcz/"; depth:34; endswith; nocase; http.host; content:"apexcomcorp.in"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974645/; classtype:trojan-activity;sid:81837745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/232221656/an6pbsqum/"; depth:21; endswith; nocase; http.host; content:"arivutechnologies.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974646/; classtype:trojan-activity;sid:81837746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/6nkewzd774rzhsbvvyxqschtvxczffvd78c001ucdfx7hsn4vvvdp/"; depth:66; endswith; nocase; http.host; content:"beeliquors.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974647/; classtype:trojan-activity;sid:81837747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/kgsgvpfzyr6vlfgahab2kaxf4sp6e/"; depth:42; endswith; nocase; http.host; content:"adityaspring.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974644/; classtype:trojan-activity;sid:81837744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.157.176"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974643/; classtype:trojan-activity;sid:81837743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974642/; classtype:trojan-activity;sid:81837742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.4.105"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974640/; classtype:trojan-activity;sid:81837740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.214.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974631/; classtype:trojan-activity;sid:81837731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974630/; classtype:trojan-activity;sid:81837730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.208.173"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974629/; classtype:trojan-activity;sid:81837729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974627/; classtype:trojan-activity;sid:81837727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.58.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974626/; classtype:trojan-activity;sid:81837726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.199.112.43"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974625/; classtype:trojan-activity;sid:81837725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.176.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_23; reference:url, urlhaus.abuse.ch/url/974621/; classtype:trojan-activity;sid:81837721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/eoco3opqlbwh9jvnjpfg11u0fjqcfptvkxg/"; depth:45; endswith; nocase; http.host; content:"siderhurbal.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974618/; classtype:trojan-activity;sid:81837718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.49.230"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974617/; classtype:trojan-activity;sid:81837717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974616/; classtype:trojan-activity;sid:81837716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.105.250.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974615/; classtype:trojan-activity;sid:81837715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.130.190.111"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974614/; classtype:trojan-activity;sid:81837714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.163.188"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974613/; classtype:trojan-activity;sid:81837713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.92.176.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974612/; classtype:trojan-activity;sid:81837712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.147.113"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974611/; classtype:trojan-activity;sid:81837711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.163.244.168"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974609/; classtype:trojan-activity;sid:81837709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.179.100"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974610/; classtype:trojan-activity;sid:81837710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.124.4"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974608/; classtype:trojan-activity;sid:81837708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.241.6.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974607/; classtype:trojan-activity;sid:81837707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.217.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974606/; classtype:trojan-activity;sid:81837706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.49.230"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974605/; classtype:trojan-activity;sid:81837705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.110.109"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974604/; classtype:trojan-activity;sid:81837704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.173.36"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974603/; classtype:trojan-activity;sid:81837703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.207.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974600/; classtype:trojan-activity;sid:81837700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.69.48.2"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974601/; classtype:trojan-activity;sid:81837701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.99.154"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974602/; classtype:trojan-activity;sid:81837702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.216.66"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974599/; classtype:trojan-activity;sid:81837699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.135.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974598/; classtype:trojan-activity;sid:81837698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.110.72"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974597/; classtype:trojan-activity;sid:81837697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.217.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974596/; classtype:trojan-activity;sid:81837696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.137.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974595/; classtype:trojan-activity;sid:81837695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.176.110.109"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974594/; classtype:trojan-activity;sid:81837694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"211.216.125.234"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974593/; classtype:trojan-activity;sid:81837693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.3.180.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974592/; classtype:trojan-activity;sid:81837692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.255.8.235"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974590/; classtype:trojan-activity;sid:81837690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.46.117"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974589/; classtype:trojan-activity;sid:81837689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.160.216"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974591/; classtype:trojan-activity;sid:81837691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.156.94"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974588/; classtype:trojan-activity;sid:81837688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.207.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974587/; classtype:trojan-activity;sid:81837687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.176.110.72"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974586/; classtype:trojan-activity;sid:81837686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.242.91"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974585/; classtype:trojan-activity;sid:81837685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/mxz8woiryumtkzjjooshrwifitngkr2dnbaop0zgaur/"; depth:53; endswith; nocase; http.host; content:"salooncloud.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974584/; classtype:trojan-activity;sid:81837684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm7"; depth:9; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974583/; classtype:trojan-activity;sid:81837683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm"; depth:8; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974577/; classtype:trojan-activity;sid:81837677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm5"; depth:9; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974579/; classtype:trojan-activity;sid:81837679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm6"; depth:9; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974582/; classtype:trojan-activity;sid:81837682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/mips"; depth:9; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974576/; classtype:trojan-activity;sid:81837676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/mpsl"; depth:9; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974580/; classtype:trojan-activity;sid:81837680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/ppc"; depth:8; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974581/; classtype:trojan-activity;sid:81837681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/x86"; depth:8; endswith; nocase; http.host; content:"45.133.9.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974578/; classtype:trojan-activity;sid:81837678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.85.103"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974575/; classtype:trojan-activity;sid:81837675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.216.111.188"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974574/; classtype:trojan-activity;sid:81837674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.23.79"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974573/; classtype:trojan-activity;sid:81837673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.209.126.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974572/; classtype:trojan-activity;sid:81837672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.22.10"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974570/; classtype:trojan-activity;sid:81837670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.196.190"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974566/; classtype:trojan-activity;sid:81837666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.165.30.134"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974571/; classtype:trojan-activity;sid:81837671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.147.234"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974568/; classtype:trojan-activity;sid:81837668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.10.191"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974569/; classtype:trojan-activity;sid:81837669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.121.184"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974567/; classtype:trojan-activity;sid:81837667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.113.161.129"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974565/; classtype:trojan-activity;sid:81837665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.242.91"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974564/; classtype:trojan-activity;sid:81837664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.34.86.44"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974563/; classtype:trojan-activity;sid:81837663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.168.231"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974562/; classtype:trojan-activity;sid:81837662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.243.124.134"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974561/; classtype:trojan-activity;sid:81837661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.60.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974560/; classtype:trojan-activity;sid:81837660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.111.194.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974559/; classtype:trojan-activity;sid:81837659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.174.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974558/; classtype:trojan-activity;sid:81837658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.12.124"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974557/; classtype:trojan-activity;sid:81837657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/y043posewr/"; depth:24; endswith; nocase; http.host; content:"wsdigitalconsulting.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974556/; classtype:trojan-activity;sid:81837656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.162.12.158"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974555/; classtype:trojan-activity;sid:81837655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.68.233.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974554/; classtype:trojan-activity;sid:81837654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.220.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974553/; classtype:trojan-activity;sid:81837653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.241.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974552/; classtype:trojan-activity;sid:81837652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.202.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974551/; classtype:trojan-activity;sid:81837651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.68.34"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974550/; classtype:trojan-activity;sid:81837650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974549/; classtype:trojan-activity;sid:81837649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.110.165.221"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974547/; classtype:trojan-activity;sid:81837647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.39.175"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974546/; classtype:trojan-activity;sid:81837646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.16.144.189"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974548/; classtype:trojan-activity;sid:81837648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bdbno4ykbh9qmw59jywyzkf/"; depth:27; endswith; nocase; http.host; content:"symbiosis-consulting.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974545/; classtype:trojan-activity;sid:81837645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6382329/mlrcedkan/"; depth:19; endswith; nocase; http.host; content:"bjconstructions.in"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974543/; classtype:trojan-activity;sid:81837643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/y043posewr/"; depth:24; endswith; nocase; http.host; content:"wsdigitalconsulting.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974544/; classtype:trojan-activity;sid:81837644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/u77lyzeahk4f6abk9y933azxauqmydfp7/"; depth:44; endswith; nocase; http.host; content:"sherpazone.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974542/; classtype:trojan-activity;sid:81837642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/y043posewr/"; depth:24; endswith; nocase; http.host; content:"www.wsdigitalconsulting.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974541/; classtype:trojan-activity;sid:81837641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.162.12.158"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974540/; classtype:trojan-activity;sid:81837640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.255.226.166"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974539/; classtype:trojan-activity;sid:81837639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.209.109"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974537/; classtype:trojan-activity;sid:81837637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.13.92"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974538/; classtype:trojan-activity;sid:81837638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.46.44.183"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974536/; classtype:trojan-activity;sid:81837636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/avgl4fjh05bfgnisq4vl2jmvgdjy3cr0ux1/"; depth:49; endswith; nocase; http.host; content:"magnumuae.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974535/; classtype:trojan-activity;sid:81837635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.99.171.192"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974534/; classtype:trojan-activity;sid:81837634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ft/7.jpg"; depth:9; endswith; nocase; http.host; content:"207.148.110.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974533/; classtype:trojan-activity;sid:81837633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.74.71.199"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974532/; classtype:trojan-activity;sid:81837632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.40.228.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974531/; classtype:trojan-activity;sid:81837631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.91.206"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974530/; classtype:trojan-activity;sid:81837630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.120.121"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974529/; classtype:trojan-activity;sid:81837629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.121.184.46"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974528/; classtype:trojan-activity;sid:81837628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.59.115"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974527/; classtype:trojan-activity;sid:81837627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.60.218"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974526/; classtype:trojan-activity;sid:81837626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.40.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974524/; classtype:trojan-activity;sid:81837624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.228.92"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974525/; classtype:trojan-activity;sid:81837625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.148.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974523/; classtype:trojan-activity;sid:81837623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.36.94"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974522/; classtype:trojan-activity;sid:81837622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.39.87"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974521/; classtype:trojan-activity;sid:81837621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/vt/"; depth:13; endswith; nocase; http.host; content:"www.r3-tech.biz"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974520/; classtype:trojan-activity;sid:81837620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demo/c/"; depth:8; endswith; nocase; http.host; content:"trekkingfestival.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974519/; classtype:trojan-activity;sid:81837619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/v/"; depth:14; endswith; nocase; http.host; content:"jbsmediaventures.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974518/; classtype:trojan-activity;sid:81837618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/dqkg1/"; depth:11; endswith; nocase; http.host; content:"narmada.mykfn.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974517/; classtype:trojan-activity;sid:81837617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/tk/"; depth:11; endswith; nocase; http.host; content:"yaginc.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974516/; classtype:trojan-activity;sid:81837616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.99.171.192"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974514/; classtype:trojan-activity;sid:81837614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tractor-parts-gh28c/9/"; depth:23; endswith; nocase; http.host; content:"novo2.deussalveobrasil.com.br"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974515/; classtype:trojan-activity;sid:81837615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/gtio/"; depth:15; endswith; nocase; http.host; content:"dripsweet.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974513/; classtype:trojan-activity;sid:81837613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bayesian-forecasting-amj5e/s5hqmf6/"; depth:36; endswith; nocase; http.host; content:"pioneiraagronegocio.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974512/; classtype:trojan-activity;sid:81837612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/kswcpvoprulorgiq/"; depth:29; endswith; nocase; http.host; content:"cokhikiengiang.vn"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974511/; classtype:trojan-activity;sid:81837611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/u4d18lzoeznvpyfv9w3wb4rx/"; depth:36; endswith; nocase; http.host; content:"dfggggx.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974509/; classtype:trojan-activity;sid:81837609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/cgpp0vsqvki92nlcbf2xgkxifxuk91wpho2ntrxlev6ol2uodx0q9e6q/"; depth:69; endswith; nocase; http.host; content:"oceanictraders.in"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974508/; classtype:trojan-activity;sid:81837608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/jexzk881hhxljflwqqhbzgmixnqru7di/"; depth:46; endswith; nocase; http.host; content:"santhai.lk"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974510/; classtype:trojan-activity;sid:81837610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svg/jn03bbmve5natmxxckzq5nrx3zla0or9njaq77xtwdotzc4d/"; depth:54; endswith; nocase; http.host; content:"trimonks.in"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974507/; classtype:trojan-activity;sid:81837607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ifpv0n2gtzfomucw2u7i0zzzxinfsykpwjdi4mnbsozc7asks3pxohhzt9qh09nnnchunw/"; depth:80; endswith; nocase; http.host; content:"pelisxxx.me"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974506/; classtype:trojan-activity;sid:81837606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.181.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974505/; classtype:trojan-activity;sid:81837605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.177.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974504/; classtype:trojan-activity;sid:81837604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.217"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974503/; classtype:trojan-activity;sid:81837603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.173.226"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974502/; classtype:trojan-activity;sid:81837602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.245.235.93"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974500/; classtype:trojan-activity;sid:81837600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.14.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974501/; classtype:trojan-activity;sid:81837601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.28.108"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974499/; classtype:trojan-activity;sid:81837599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.41.47"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974498/; classtype:trojan-activity;sid:81837598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.81.126"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974497/; classtype:trojan-activity;sid:81837597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.228.210"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974496/; classtype:trojan-activity;sid:81837596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.72.231.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974495/; classtype:trojan-activity;sid:81837595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.183.39"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974494/; classtype:trojan-activity;sid:81837594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.226.3.40"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974492/; classtype:trojan-activity;sid:81837592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.167.115"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974493/; classtype:trojan-activity;sid:81837593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.173.39"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974491/; classtype:trojan-activity;sid:81837591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.43.200"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974490/; classtype:trojan-activity;sid:81837590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.15.67"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974488/; classtype:trojan-activity;sid:81837588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.60.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974487/; classtype:trojan-activity;sid:81837587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.7.227"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974489/; classtype:trojan-activity;sid:81837589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.47.22"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974486/; classtype:trojan-activity;sid:81837586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/zzbi71rw0idiacknh4ul059zb8kterjhvfilc1ecvn8/"; depth:54; endswith; nocase; http.host; content:"uzkon.com.tr"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974485/; classtype:trojan-activity;sid:81837585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.140.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974484/; classtype:trojan-activity;sid:81837584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/e9bxihywtppawo0nawyvwcxfdgga3qwt6olk4vuwo7avaeh3xr/"; depth:64; endswith; nocase; http.host; content:"kingbrieecollections.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974483/; classtype:trojan-activity;sid:81837583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.59.115"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974482/; classtype:trojan-activity;sid:81837582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.136.38.215"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974481/; classtype:trojan-activity;sid:81837581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/jwfafk6jrereoc23/"; depth:30; endswith; nocase; http.host; content:"antisocials.in"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974480/; classtype:trojan-activity;sid:81837580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.164.53"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974479/; classtype:trojan-activity;sid:81837579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"144.255.243.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974478/; classtype:trojan-activity;sid:81837578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.82.165.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974477/; classtype:trojan-activity;sid:81837577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.45.42"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974475/; classtype:trojan-activity;sid:81837575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"91.80.157.85"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974476/; classtype:trojan-activity;sid:81837576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.33.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974474/; classtype:trojan-activity;sid:81837574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/pjnmd03ahaunlyukpjoftpyld6bl/"; depth:39; endswith; nocase; http.host; content:"www.vnlandnote.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974473/; classtype:trojan-activity;sid:81837573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.133"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974472/; classtype:trojan-activity;sid:81837572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.176.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974471/; classtype:trojan-activity;sid:81837571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.20.208"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974470/; classtype:trojan-activity;sid:81837570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.40.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974469/; classtype:trojan-activity;sid:81837569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.138.168"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974468/; classtype:trojan-activity;sid:81837568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.72.90"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974467/; classtype:trojan-activity;sid:81837567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.136.38.215"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974466/; classtype:trojan-activity;sid:81837566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.72.90"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974465/; classtype:trojan-activity;sid:81837565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.224.113"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974464/; classtype:trojan-activity;sid:81837564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.134.97"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974462/; classtype:trojan-activity;sid:81837562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.31.26"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974463/; classtype:trojan-activity;sid:81837563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.18.184"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974461/; classtype:trojan-activity;sid:81837561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.89.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974459/; classtype:trojan-activity;sid:81837559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/u77lyzeahk4f6abk9y933azxauqmydfp7/"; depth:44; endswith; nocase; http.host; content:"www.sherpazone.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974460/; classtype:trojan-activity;sid:81837560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache/a7iacy7fi1jqe0/"; depth:22; endswith; nocase; http.host; content:"gruma.ectotec.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974458/; classtype:trojan-activity;sid:81837558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/1yimbpzahgmxdfiv1hep4njnqzbhmmouctg2aajkx5lm9pfnujnc/"; depth:63; endswith; nocase; http.host; content:"flextime.europasports.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974457/; classtype:trojan-activity;sid:81837557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h/cn8lrzpa5yncmxjvt1wd4mcq/"; depth:28; endswith; nocase; http.host; content:"kribuni.org"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974456/; classtype:trojan-activity;sid:81837556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z/t3ct8bggzxzm5fqrfnfilpm2q6wx4clkotmlyhdzxdggwmnosgq/"; depth:55; endswith; nocase; http.host; content:"pearlaccountingsolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974455/; classtype:trojan-activity;sid:81837555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ywcfwvw7ckae6ewnzakihomrhcf6iqzeyirjuyt/"; depth:50; endswith; nocase; http.host; content:"rjuninfotech.info"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974454/; classtype:trojan-activity;sid:81837554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dumba/x7mqf5qm3omvrmgazmye/"; depth:28; endswith; nocase; http.host; content:"aliat.ectotec.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974452/; classtype:trojan-activity;sid:81837552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ptpbef1p1hsiahllf3qi/"; depth:30; endswith; nocase; http.host; content:"learningempowersme.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974453/; classtype:trojan-activity;sid:81837553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/esnzukgccwbfhehgbjer/"; depth:33; endswith; nocase; http.host; content:"cosmetics.zone"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974451/; classtype:trojan-activity;sid:81837551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/o06xbrohuncyiashsewoz0m/"; depth:29; endswith; nocase; http.host; content:"bsgmuhendislik.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974448/; classtype:trojan-activity;sid:81837548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/high-times-zkufb/kecprg1v0czd5oxlpgoo6moyw5hjhszq4guj0zxxeumuzae7wmp3m6y/"; depth:74; endswith; nocase; http.host; content:"camiloyepesph.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974450/; classtype:trojan-activity;sid:81837550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/y043posewr/"; depth:24; endswith; nocase; http.host; content:"www.wsdigitalconsulting.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974449/; classtype:trojan-activity;sid:81837549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/michigan-unemployment-bydyr/ihvhpqxbhirubx7deqfa4wwhghwfdagjugknnxwfn2kakms/"; depth:77; endswith; nocase; http.host; content:"enfold.ecodesolutions.org"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974447/; classtype:trojan-activity;sid:81837547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.133"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974446/; classtype:trojan-activity;sid:81837546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.121.0.32"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974445/; classtype:trojan-activity;sid:81837545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.11.35.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974444/; classtype:trojan-activity;sid:81837544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.32.210.177"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974443/; classtype:trojan-activity;sid:81837543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.110.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974441/; classtype:trojan-activity;sid:81837541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.14.113.133"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974440/; classtype:trojan-activity;sid:81837540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.68.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974442/; classtype:trojan-activity;sid:81837542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.44.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974439/; classtype:trojan-activity;sid:81837539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.96.4.50"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974438/; classtype:trojan-activity;sid:81837538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video/td3mtfwv7v/"; depth:18; endswith; nocase; http.host; content:"zeemaas.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974437/; classtype:trojan-activity;sid:81837537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.32.32"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974436/; classtype:trojan-activity;sid:81837536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.61.148.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974434/; classtype:trojan-activity;sid:81837534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.7.49"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974435/; classtype:trojan-activity;sid:81837535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974432/; classtype:trojan-activity;sid:81837532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.192.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974433/; classtype:trojan-activity;sid:81837533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.172.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974431/; classtype:trojan-activity;sid:81837531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974430/; classtype:trojan-activity;sid:81837530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.165.145"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974429/; classtype:trojan-activity;sid:81837529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.88.132.233"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974428/; classtype:trojan-activity;sid:81837528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.197.149.195"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974427/; classtype:trojan-activity;sid:81837527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.135.123"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974425/; classtype:trojan-activity;sid:81837525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.248.142.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974426/; classtype:trojan-activity;sid:81837526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.175.69"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974424/; classtype:trojan-activity;sid:81837524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.90.210.179"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974423/; classtype:trojan-activity;sid:81837523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974422/; classtype:trojan-activity;sid:81837522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.104.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974421/; classtype:trojan-activity;sid:81837521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.126.111.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974420/; classtype:trojan-activity;sid:81837520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old-site-bkp-18-1/ovmnsbr03dtharsbfczd5qsy5lrguywtilgvett7yaugcdu7t9gzakv6sxmj/"; depth:80; endswith; nocase; http.host; content:"amazicainternational.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974419/; classtype:trojan-activity;sid:81837519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.47.118"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974418/; classtype:trojan-activity;sid:81837518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/sj8scspiq74rdqxuihqx4aqejms3k7eymwgk/"; depth:42; endswith; nocase; http.host; content:"renewempire.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974417/; classtype:trojan-activity;sid:81837517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.138.188.90"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974416/; classtype:trojan-activity;sid:81837516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.193.4.108"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974415/; classtype:trojan-activity;sid:81837515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.110.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974414/; classtype:trojan-activity;sid:81837514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.228.229.83"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974413/; classtype:trojan-activity;sid:81837513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.147.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974412/; classtype:trojan-activity;sid:81837512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.74.239"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974411/; classtype:trojan-activity;sid:81837511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.74.239"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974410/; classtype:trojan-activity;sid:81837510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974409/; classtype:trojan-activity;sid:81837509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974408/; classtype:trojan-activity;sid:81837508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.104.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974407/; classtype:trojan-activity;sid:81837507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1676470973/1/"; depth:14; endswith; nocase; http.host; content:"crooks-taylor.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974406/; classtype:trojan-activity;sid:81837506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/6/"; depth:14; endswith; nocase; http.host; content:"boomarketer.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974401/; classtype:trojan-activity;sid:81837501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h/ib/"; depth:6; endswith; nocase; http.host; content:"lvnskin.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974400/; classtype:trojan-activity;sid:81837500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/almet/"; depth:18; endswith; nocase; http.host; content:"nadysa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974403/; classtype:trojan-activity;sid:81837503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eidl-reconsideration-bs3lu/feooiao/"; depth:36; endswith; nocase; http.host; content:"rabiei.fun"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974404/; classtype:trojan-activity;sid:81837504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/un6g/"; depth:18; endswith; nocase; http.host; content:"rex.tasmiragroup.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974402/; classtype:trojan-activity;sid:81837502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/q8h/"; depth:16; endswith; nocase; http.host; content:"whitetheme.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974405/; classtype:trojan-activity;sid:81837505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.38.57"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974399/; classtype:trojan-activity;sid:81837499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.176.23"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974398/; classtype:trojan-activity;sid:81837498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.215"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974397/; classtype:trojan-activity;sid:81837497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.158.156"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974393/; classtype:trojan-activity;sid:81837493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.54.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974395/; classtype:trojan-activity;sid:81837495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.144.182"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974394/; classtype:trojan-activity;sid:81837494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.212.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974396/; classtype:trojan-activity;sid:81837496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.3.33.216"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974392/; classtype:trojan-activity;sid:81837492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.237.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974391/; classtype:trojan-activity;sid:81837491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.38.103.66"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974388/; classtype:trojan-activity;sid:81837488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.109.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974390/; classtype:trojan-activity;sid:81837490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.154.238"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974389/; classtype:trojan-activity;sid:81837489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.123.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974387/; classtype:trojan-activity;sid:81837487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"14.98.184.178"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974386/; classtype:trojan-activity;sid:81837486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.11.220"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974384/; classtype:trojan-activity;sid:81837484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.208.25"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974385/; classtype:trojan-activity;sid:81837485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.240.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974383/; classtype:trojan-activity;sid:81837483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/eycmmgiwku5sgpe22rqwmc6/"; depth:36; endswith; nocase; http.host; content:"aarsaindustries.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974382/; classtype:trojan-activity;sid:81837482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/j1c9jafhtwh89dqkhcqvljarmv/"; depth:36; endswith; nocase; http.host; content:"babilonianoticias.com.br"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974381/; classtype:trojan-activity;sid:81837481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/search/dpjaq1q2pdnd6f8gfblbimdrifz2dasjphlarx62bf7bxhymx0u4jsbdfaimunrzz7il/"; depth:77; endswith; nocase; http.host; content:"clearalignerapp.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974380/; classtype:trojan-activity;sid:81837480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/uii9lldxdvo5e6whzxeedrpfy16asrfygxth00wyntiechbdondu0c6fumjr0q4/"; depth:67; endswith; nocase; http.host; content:"wetraytech.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974379/; classtype:trojan-activity;sid:81837479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in-what-jgcak/c5njrzmm4sqrvaes3grdnn2ccj7nzt/"; depth:46; endswith; nocase; http.host; content:"polyproductions.com.au"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974378/; classtype:trojan-activity;sid:81837478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svg/jn03bbmve5natmxxckzq5nrx3zla0or9njaq77xtwdotzc4d/"; depth:54; endswith; nocase; http.host; content:"www.trimonks.in"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974377/; classtype:trojan-activity;sid:81837477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.248.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974376/; classtype:trojan-activity;sid:81837476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/aegtsbbh1x4emp/"; depth:28; endswith; nocase; http.host; content:"shop.nowfal.dev"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974375/; classtype:trojan-activity;sid:81837475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.115.202"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974374/; classtype:trojan-activity;sid:81837474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.arm"; depth:16; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974369/; classtype:trojan-activity;sid:81837469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.arm5"; depth:17; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974366/; classtype:trojan-activity;sid:81837466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.arm6"; depth:17; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974370/; classtype:trojan-activity;sid:81837470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.arm7"; depth:17; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974367/; classtype:trojan-activity;sid:81837467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.m68k"; depth:17; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974371/; classtype:trojan-activity;sid:81837471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.mips"; depth:17; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974365/; classtype:trojan-activity;sid:81837465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.mpsl"; depth:17; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974373/; classtype:trojan-activity;sid:81837473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.ppc"; depth:16; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974368/; classtype:trojan-activity;sid:81837468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.sh4"; depth:16; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974372/; classtype:trojan-activity;sid:81837472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1ller.x86"; depth:16; endswith; nocase; http.host; content:"37.49.230.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974364/; classtype:trojan-activity;sid:81837464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.40.129"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974363/; classtype:trojan-activity;sid:81837463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.218.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974362/; classtype:trojan-activity;sid:81837462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.174.253"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974361/; classtype:trojan-activity;sid:81837461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.208.117.134"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974360/; classtype:trojan-activity;sid:81837460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.180.236"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974359/; classtype:trojan-activity;sid:81837459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.69.32.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974358/; classtype:trojan-activity;sid:81837458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ywcfwvw7ckae6ewnzakihomrhcf6iqzeyirjuyt/"; depth:50; endswith; nocase; http.host; content:"www.rjuninfotech.info"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974357/; classtype:trojan-activity;sid:81837457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.207.30"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974356/; classtype:trojan-activity;sid:81837456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.248.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974355/; classtype:trojan-activity;sid:81837455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.240.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974354/; classtype:trojan-activity;sid:81837454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.115.202"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974353/; classtype:trojan-activity;sid:81837453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.38.57"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974352/; classtype:trojan-activity;sid:81837452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.56.241"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974351/; classtype:trojan-activity;sid:81837451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.26.180"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974350/; classtype:trojan-activity;sid:81837450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.172.144.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974349/; classtype:trojan-activity;sid:81837449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.58.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974348/; classtype:trojan-activity;sid:81837448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.166.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974346/; classtype:trojan-activity;sid:81837446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.180"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974347/; classtype:trojan-activity;sid:81837447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.244.122"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974345/; classtype:trojan-activity;sid:81837445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/a5sf1m5dbu8axuqkx0p88khsu6j0np20bgn4tpadfrog0/"; depth:55; endswith; nocase; http.host; content:"mootree.net"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974344/; classtype:trojan-activity;sid:81837444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.178.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974343/; classtype:trojan-activity;sid:81837443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asrock-motherboard-nq0fu/pcbrzepitxqcht0dcop3myiiovmi5ffn81lcmljnhxa1pc/"; depth:73; endswith; nocase; http.host; content:"xn--80aaarcad8akdntyciv3d.xn--p1ai"; depth:34; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974342/; classtype:trojan-activity;sid:81837442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.69.32.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974341/; classtype:trojan-activity;sid:81837441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.125.70.101"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974339/; classtype:trojan-activity;sid:81837439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/iskgq5k0qoxfah54uur8g9rhsqma4qaqfp/"; depth:45; endswith; nocase; http.host; content:"mysharmaschool.live"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974340/; classtype:trojan-activity;sid:81837440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/octzgwysp83muran6akku3tleeomv0fz/"; depth:36; endswith; nocase; http.host; content:"petrinettechnologies.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974338/; classtype:trojan-activity;sid:81837438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.41.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974337/; classtype:trojan-activity;sid:81837437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.203.212"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974336/; classtype:trojan-activity;sid:81837436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.167.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974335/; classtype:trojan-activity;sid:81837435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.120.16.52"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974334/; classtype:trojan-activity;sid:81837434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.216.185.130"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974333/; classtype:trojan-activity;sid:81837433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.22.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974332/; classtype:trojan-activity;sid:81837432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.16.76.215"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974331/; classtype:trojan-activity;sid:81837431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.48.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974330/; classtype:trojan-activity;sid:81837430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.104.134"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974329/; classtype:trojan-activity;sid:81837429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.89.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974327/; classtype:trojan-activity;sid:81837427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.173.186"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974328/; classtype:trojan-activity;sid:81837428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.215.214.218"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974326/; classtype:trojan-activity;sid:81837426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.255.157"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974325/; classtype:trojan-activity;sid:81837425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.41.56.61"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974323/; classtype:trojan-activity;sid:81837423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.80.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974324/; classtype:trojan-activity;sid:81837424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.34.174"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974322/; classtype:trojan-activity;sid:81837422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.54.4"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974321/; classtype:trojan-activity;sid:81837421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.77.37.142"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974320/; classtype:trojan-activity;sid:81837420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.83.75"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974319/; classtype:trojan-activity;sid:81837419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.71.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974318/; classtype:trojan-activity;sid:81837418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.91.134.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974316/; classtype:trojan-activity;sid:81837416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.136"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974317/; classtype:trojan-activity;sid:81837417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.119.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974314/; classtype:trojan-activity;sid:81837414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.155.14"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974313/; classtype:trojan-activity;sid:81837413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.206.255"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974315/; classtype:trojan-activity;sid:81837415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.64.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974312/; classtype:trojan-activity;sid:81837412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.99.160"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974311/; classtype:trojan-activity;sid:81837411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.216.185.130"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974310/; classtype:trojan-activity;sid:81837410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.125.70.101"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974309/; classtype:trojan-activity;sid:81837409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.195.109"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974307/; classtype:trojan-activity;sid:81837407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yapimasamasi/lyntuxtsb0vh0rjwlyflngnfcnodlzlr0/"; depth:48; endswith; nocase; http.host; content:"petaenerji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974308/; classtype:trojan-activity;sid:81837408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdtest/bcdu7ev7wzellcqybbkjhpmk9j0un7cvmwqxagpvbw4pqkhkgszd7dl1xuau5/"; depth:70; endswith; nocase; http.host; content:"testing.matrixlimos.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974306/; classtype:trojan-activity;sid:81837406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.159.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974305/; classtype:trojan-activity;sid:81837405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/kpllf6/"; depth:10; endswith; nocase; http.host; content:"soft-hrm.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974304/; classtype:trojan-activity;sid:81837404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.171.48"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974303/; classtype:trojan-activity;sid:81837403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.88.197"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974302/; classtype:trojan-activity;sid:81837402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.46"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974301/; classtype:trojan-activity;sid:81837401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.134.20"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974300/; classtype:trojan-activity;sid:81837400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.149.20"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974297/; classtype:trojan-activity;sid:81837397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.178.60.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974298/; classtype:trojan-activity;sid:81837398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.173.56"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974299/; classtype:trojan-activity;sid:81837399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.99.160"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974296/; classtype:trojan-activity;sid:81837396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.120.15.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974295/; classtype:trojan-activity;sid:81837395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.123.238.233"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974294/; classtype:trojan-activity;sid:81837394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.109.9.218"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974292/; classtype:trojan-activity;sid:81837392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.116.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974293/; classtype:trojan-activity;sid:81837393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.231.131"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974291/; classtype:trojan-activity;sid:81837391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.202.101"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974290/; classtype:trojan-activity;sid:81837390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.175.108"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974289/; classtype:trojan-activity;sid:81837389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/gkvjonmvzlapctzojflhs5m4khl1sbfkcemhl6uxnl01c00raevictmfrekkurw5tyqtg/"; depth:82; endswith; nocase; http.host; content:"www.plannueve.net"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974288/; classtype:trojan-activity;sid:81837388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.88.197"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974287/; classtype:trojan-activity;sid:81837387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/access-chapter-adw8h/udmbaauxo8imhngdczzz3axeecqbtbbpsuhdum0g0fcd4lhauhqjgfxbmoceo/"; depth:84; endswith; nocase; http.host; content:"mybazarnandail.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974286/; classtype:trojan-activity;sid:81837386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.159.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974285/; classtype:trojan-activity;sid:81837385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/stn6jk04h2jb6vrqbmbc4dwhbktlarroebgqg0feki2qxkma2mcp1z/"; depth:64; endswith; nocase; http.host; content:"fequeinvadeoimpossivel.com.br"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974284/; classtype:trojan-activity;sid:81837384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/5gsmoauwasiflrsqhv/"; depth:32; endswith; nocase; http.host; content:"jornalpovofluminense.com.br"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974283/; classtype:trojan-activity;sid:81837383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biomes-worksheet-0b6d9/bmdnlxdzaricpzw/"; depth:40; endswith; nocase; http.host; content:"tiengnhatcaptoc.ngoaingufpt.edu.vn"; depth:34; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974282/; classtype:trojan-activity;sid:81837382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/notwcrkvib2wfn4rp62ki34op814y7gobb0osu8hc/"; depth:55; endswith; nocase; http.host; content:"bdshuang.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974280/; classtype:trojan-activity;sid:81837380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svg/jn03bbmve5natmxxckzq5nrx3zla0or9njaq77xtwdotzc4d/"; depth:54; endswith; nocase; http.host; content:"www.trimonks.in"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974281/; classtype:trojan-activity;sid:81837381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/j3qf0t3jt0liyjp4yn2ut/"; depth:30; endswith; nocase; http.host; content:"tracertstudy.upr.ac.id"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974279/; classtype:trojan-activity;sid:81837379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/l2ghasyxtuh4wddeqoxtwn4lnrvlw7frjomqtapqosq39hc/"; depth:53; endswith; nocase; http.host; content:"a9bc.com"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974276/; classtype:trojan-activity;sid:81837376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dist/vy9i74avaqnuc99jskh6qbiguqj7hdourki7vegqxg0z99dgtujv1rjmolsvkhc90lvcfq/"; depth:77; endswith; nocase; http.host; content:"akuntansi.upr.ac.id"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974277/; classtype:trojan-activity;sid:81837377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f/x7t70ro9lnz9ebvpy/"; depth:21; endswith; nocase; http.host; content:"eacsertifikasi.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974278/; classtype:trojan-activity;sid:81837378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chalet/mjkckm/"; depth:15; endswith; nocase; http.host; content:"wyrisnetworks.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974275/; classtype:trojan-activity;sid:81837375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.237.118"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974274/; classtype:trojan-activity;sid:81837374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.25.177"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974273/; classtype:trojan-activity;sid:81837373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.147.132.226"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974272/; classtype:trojan-activity;sid:81837372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.231.230"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974271/; classtype:trojan-activity;sid:81837371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.248.100"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974270/; classtype:trojan-activity;sid:81837370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"149.3.85.55"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974269/; classtype:trojan-activity;sid:81837369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.170.122"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974268/; classtype:trojan-activity;sid:81837368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.166.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974267/; classtype:trojan-activity;sid:81837367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"187.73.243.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974266/; classtype:trojan-activity;sid:81837366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"208.95.160.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974265/; classtype:trojan-activity;sid:81837365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.52"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974264/; classtype:trojan-activity;sid:81837364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.160.95"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974263/; classtype:trojan-activity;sid:81837363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.169.102"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974262/; classtype:trojan-activity;sid:81837362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.110.196.197"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974258/; classtype:trojan-activity;sid:81837358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.226.236"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974261/; classtype:trojan-activity;sid:81837361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.162.71"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974259/; classtype:trojan-activity;sid:81837359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974260/; classtype:trojan-activity;sid:81837360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.227.217.123"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974257/; classtype:trojan-activity;sid:81837357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sqxiiermulwwnhxe2afezka394knxcssncgkwggzm71yyrks8rfelfvxaarskspnn/"; depth:79; endswith; nocase; http.host; content:"resioleo.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974256/; classtype:trojan-activity;sid:81837356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macbook-pro-rckgk/niamgppdkvqggmjmrxi6yt5y3ejq0uomgonil0/"; depth:58; endswith; nocase; http.host; content:"zentrum-der-darm.info"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974255/; classtype:trojan-activity;sid:81837355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache/naxcr/"; depth:13; endswith; nocase; http.host; content:"cursos.graftech.mindlink.mx"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974254/; classtype:trojan-activity;sid:81837354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.248.46.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974253/; classtype:trojan-activity;sid:81837353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.48.217"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974252/; classtype:trojan-activity;sid:81837352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.173.112.67"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974251/; classtype:trojan-activity;sid:81837351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.41.220"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974250/; classtype:trojan-activity;sid:81837350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.212.102"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974249/; classtype:trojan-activity;sid:81837349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.200.135"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974248/; classtype:trojan-activity;sid:81837348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/news/uqqf8s0pzmnsr9as8n6sh6qmue7mjcm33myc1ea90jv5c0eqhkijmajqy8jpepdr/"; depth:71; endswith; nocase; http.host; content:"vca.co.in"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974247/; classtype:trojan-activity;sid:81837347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/yh6nwm4v8fvcvdaieifl6gyplyprzegjd35voz4mt4w6oqasnxhyjffu227e/"; depth:68; endswith; nocase; http.host; content:"siketma.upr.ac.id"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974246/; classtype:trojan-activity;sid:81837346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/nuepk0o2ztksl6kukobc/"; depth:31; endswith; nocase; http.host; content:"akademik.upr.ac.id"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974244/; classtype:trojan-activity;sid:81837344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ayzjjgt428o6kvzww06nbisoudriupvc8hywgk1ov12pnyjj6optpfwuxn2y9ohg0w86r/"; depth:80; endswith; nocase; http.host; content:"ambiente-mallorca.info"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974243/; classtype:trojan-activity;sid:81837343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avatar-the-k0yzw/5ux1xwvsbxjekq72ieffvqlzprztnovt4jkmc/"; depth:56; endswith; nocase; http.host; content:"davicapucho.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974245/; classtype:trojan-activity;sid:81837345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/willetts-funeral-xgj6a/vdjn6ddrn3k9ert0tfnf8irgnpjpvr9k40kpfbwzq6yq0uov3yqodkegrt5mq2/"; depth:87; endswith; nocase; http.host; content:"a-web.webprofi.me"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974242/; classtype:trojan-activity;sid:81837342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/gg7xz04s2crcyjgbbe0mt/"; depth:32; endswith; nocase; http.host; content:"bukeana.info"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974240/; classtype:trojan-activity;sid:81837340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kqa6mesgzq9powzvis18zzeu5nqpyeyxejamthlygmqnl0t0hhmck/"; depth:64; endswith; nocase; http.host; content:"jonguitdeuken.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974241/; classtype:trojan-activity;sid:81837341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.42.48.241"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974239/; classtype:trojan-activity;sid:81837339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/hghy2/"; depth:18; endswith; nocase; http.host; content:"cambiasuhistoria.growlab.es"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974238/; classtype:trojan-activity;sid:81837338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asset/w9o/"; depth:11; endswith; nocase; http.host; content:"vanddnabhargave.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974237/; classtype:trojan-activity;sid:81837337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/jbbb8/"; depth:15; endswith; nocase; http.host; content:"bhaktivrind.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974236/; classtype:trojan-activity;sid:81837336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/lmmc/"; depth:17; endswith; nocase; http.host; content:"gocphongthe.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974235/; classtype:trojan-activity;sid:81837335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de.letscompareonline.com/wyd/"; depth:30; endswith; nocase; http.host; content:"www.letscompareonline.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974234/; classtype:trojan-activity;sid:81837334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/x/"; depth:9; endswith; nocase; http.host; content:"cab.mykfn.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974233/; classtype:trojan-activity;sid:81837333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/online-timer-kvhxz/ilxl/"; depth:25; endswith; nocase; http.host; content:"ie-best.net"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974232/; classtype:trojan-activity;sid:81837332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.191"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974231/; classtype:trojan-activity;sid:81837331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kev/xeda.dll"; depth:13; endswith; nocase; http.host; content:"fortnitehecks.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974230/; classtype:trojan-activity;sid:81837330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/q949ffxh"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974229/; classtype:trojan-activity;sid:81837329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/q9rfziwp"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974228/; classtype:trojan-activity;sid:81837328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.248.46.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974227/; classtype:trojan-activity;sid:81837327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.96.4.50"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974226/; classtype:trojan-activity;sid:81837326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ddkpxdyb"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974225/; classtype:trojan-activity;sid:81837325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.174.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974223/; classtype:trojan-activity;sid:81837323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.92.87"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974224/; classtype:trojan-activity;sid:81837324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.233.39.79"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974222/; classtype:trojan-activity;sid:81837322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.162.40"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974221/; classtype:trojan-activity;sid:81837321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/37bd3584eaa338d7a3a342bc5ca06f1165c3d8ab5eac1a3e042c1d000746dd7c"; depth:69; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974220/; classtype:trojan-activity;sid:81837320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.67.4.202"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974219/; classtype:trojan-activity;sid:81837319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.105.236.209"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974218/; classtype:trojan-activity;sid:81837318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.213.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974217/; classtype:trojan-activity;sid:81837317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.82.86"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974216/; classtype:trojan-activity;sid:81837316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.16.148"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974215/; classtype:trojan-activity;sid:81837315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.113.128.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974214/; classtype:trojan-activity;sid:81837314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974213/; classtype:trojan-activity;sid:81837313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ourtime/culetfa3v/"; depth:19; endswith; nocase; http.host; content:"relatedgrouptest.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974212/; classtype:trojan-activity;sid:81837312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crankshaft-pulley-i5aio/tlp/"; depth:29; endswith; nocase; http.host; content:"micronews.eu"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974211/; classtype:trojan-activity;sid:81837311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wood-stove-x7iww/r1sms1v/"; depth:26; endswith; nocase; http.host; content:"e-wdesign.eu"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974208/; classtype:trojan-activity;sid:81837308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/t9hvvibde/"; depth:22; endswith; nocase; http.host; content:"ofert-al.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974209/; classtype:trojan-activity;sid:81837309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netgear-wifi-qzvv4/1j7xz/"; depth:26; endswith; nocase; http.host; content:"transal.eu"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974210/; classtype:trojan-activity;sid:81837310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reference/0hlbbg8/"; depth:19; endswith; nocase; http.host; content:"www.schmuckfedern.info"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974207/; classtype:trojan-activity;sid:81837307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.9.88.185"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974206/; classtype:trojan-activity;sid:81837306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.138.186.122"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974205/; classtype:trojan-activity;sid:81837305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.200.76.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974203/; classtype:trojan-activity;sid:81837303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.252.250.22"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974204/; classtype:trojan-activity;sid:81837304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.92.116"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974202/; classtype:trojan-activity;sid:81837302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.191.240.233"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974201/; classtype:trojan-activity;sid:81837301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.18.149"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974200/; classtype:trojan-activity;sid:81837300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.82.86"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974199/; classtype:trojan-activity;sid:81837299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.46.103"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974198/; classtype:trojan-activity;sid:81837298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.43.47"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974197/; classtype:trojan-activity;sid:81837297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.168.148"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974196/; classtype:trojan-activity;sid:81837296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.10.195"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974195/; classtype:trojan-activity;sid:81837295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.93.157"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974194/; classtype:trojan-activity;sid:81837294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.119.206.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974193/; classtype:trojan-activity;sid:81837293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.234.189"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974192/; classtype:trojan-activity;sid:81837292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.133.121"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974191/; classtype:trojan-activity;sid:81837291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.203.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974190/; classtype:trojan-activity;sid:81837290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.84.70"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974189/; classtype:trojan-activity;sid:81837289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.43.47"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974188/; classtype:trojan-activity;sid:81837288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.49"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974187/; classtype:trojan-activity;sid:81837287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.170.207.12"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974185/; classtype:trojan-activity;sid:81837285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.174.216"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974186/; classtype:trojan-activity;sid:81837286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.79.88"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974184/; classtype:trojan-activity;sid:81837284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.54.60"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974183/; classtype:trojan-activity;sid:81837283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.216.0.238"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974182/; classtype:trojan-activity;sid:81837282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.36.39.2"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974180/; classtype:trojan-activity;sid:81837280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.140.217.108"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974181/; classtype:trojan-activity;sid:81837281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.211.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974179/; classtype:trojan-activity;sid:81837279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.93.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974178/; classtype:trojan-activity;sid:81837278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.97.2"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974176/; classtype:trojan-activity;sid:81837276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.16.67"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974177/; classtype:trojan-activity;sid:81837277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.99.6"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974175/; classtype:trojan-activity;sid:81837275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.233.116.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974174/; classtype:trojan-activity;sid:81837274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.203.27"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974171/; classtype:trojan-activity;sid:81837271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.126.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974172/; classtype:trojan-activity;sid:81837272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.194.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974170/; classtype:trojan-activity;sid:81837270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.191.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974173/; classtype:trojan-activity;sid:81837273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.0.6.131"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974169/; classtype:trojan-activity;sid:81837269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.209.224"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974162/; classtype:trojan-activity;sid:81837262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/include/scim/"; depth:14; endswith; nocase; http.host; content:"fab5associates.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974161/; classtype:trojan-activity;sid:81837261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.137.205"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974156/; classtype:trojan-activity;sid:81837256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msm8909-custom-bgts5/eos6t3h/"; depth:30; endswith; nocase; http.host; content:"ie-best.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974159/; classtype:trojan-activity;sid:81837259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1997-chevy-aiz00/rfrte68/"; depth:26; endswith; nocase; http.host; content:"iebest.online"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974158/; classtype:trojan-activity;sid:81837258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoefler-bold-zify4/ia/"; depth:23; endswith; nocase; http.host; content:"iebest.org"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974157/; classtype:trojan-activity;sid:81837257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/acstl/"; depth:18; endswith; nocase; http.host; content:"originpart.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974160/; classtype:trojan-activity;sid:81837260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"161.81.220.80"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974153/; classtype:trojan-activity;sid:81837253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.187.238"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974154/; classtype:trojan-activity;sid:81837254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shop/wlz4yw/"; depth:13; endswith; nocase; http.host; content:"slowdtech.net"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974155/; classtype:trojan-activity;sid:81837255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/deeat/"; depth:11; endswith; nocase; http.host; content:"singleworld-online.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974152/; classtype:trojan-activity;sid:81837252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.234.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974151/; classtype:trojan-activity;sid:81837251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.43.87"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974150/; classtype:trojan-activity;sid:81837250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.58.144"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974144/; classtype:trojan-activity;sid:81837244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.148.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974146/; classtype:trojan-activity;sid:81837246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.57.126"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974147/; classtype:trojan-activity;sid:81837247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.209.121.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974149/; classtype:trojan-activity;sid:81837249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.236.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974148/; classtype:trojan-activity;sid:81837248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.46.103"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974145/; classtype:trojan-activity;sid:81837245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.145.64"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974143/; classtype:trojan-activity;sid:81837243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.175.158"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974142/; classtype:trojan-activity;sid:81837242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.160.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974141/; classtype:trojan-activity;sid:81837241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.204.20"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974140/; classtype:trojan-activity;sid:81837240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.152.42.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974139/; classtype:trojan-activity;sid:81837239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.64.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974138/; classtype:trojan-activity;sid:81837238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.225.117"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974137/; classtype:trojan-activity;sid:81837237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.187.238"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974136/; classtype:trojan-activity;sid:81837236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.235.185"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974135/; classtype:trojan-activity;sid:81837235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.132.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974134/; classtype:trojan-activity;sid:81837234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.162.29.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974133/; classtype:trojan-activity;sid:81837233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.251.63.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974132/; classtype:trojan-activity;sid:81837232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.222.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974131/; classtype:trojan-activity;sid:81837231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.156.198"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974130/; classtype:trojan-activity;sid:81837230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.107.114.92"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974129/; classtype:trojan-activity;sid:81837229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.145.64"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974128/; classtype:trojan-activity;sid:81837228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.248.56"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974127/; classtype:trojan-activity;sid:81837227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.60.57.84"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974126/; classtype:trojan-activity;sid:81837226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.92.40"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974125/; classtype:trojan-activity;sid:81837225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.92.222"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974124/; classtype:trojan-activity;sid:81837224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.69.45"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974122/; classtype:trojan-activity;sid:81837222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.37.210.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974121/; classtype:trojan-activity;sid:81837221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974123/; classtype:trojan-activity;sid:81837223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.225.117"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974120/; classtype:trojan-activity;sid:81837220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.235.185"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974118/; classtype:trojan-activity;sid:81837218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.137.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974119/; classtype:trojan-activity;sid:81837219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.18.212"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974117/; classtype:trojan-activity;sid:81837217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.107.114.92"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974115/; classtype:trojan-activity;sid:81837215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.202.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974116/; classtype:trojan-activity;sid:81837216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.226.99.11"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974114/; classtype:trojan-activity;sid:81837214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/801846679439016010/802135569965776896/asfbr"; depth:56; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974113/; classtype:trojan-activity;sid:81837213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.248.56"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974112/; classtype:trojan-activity;sid:81837212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.112.191.24"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974111/; classtype:trojan-activity;sid:81837211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.123.0"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974110/; classtype:trojan-activity;sid:81837210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.163.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974109/; classtype:trojan-activity;sid:81837209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.91.245.45"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974108/; classtype:trojan-activity;sid:81837208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.41.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974107/; classtype:trojan-activity;sid:81837207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974106/; classtype:trojan-activity;sid:81837206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.226.99.11"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974105/; classtype:trojan-activity;sid:81837205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.18.212"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974104/; classtype:trojan-activity;sid:81837204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.65.44"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974103/; classtype:trojan-activity;sid:81837203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.182.82"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974102/; classtype:trojan-activity;sid:81837202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.67"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974101/; classtype:trojan-activity;sid:81837201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.36.14.122"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974099/; classtype:trojan-activity;sid:81837199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.189.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974098/; classtype:trojan-activity;sid:81837198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.16.3"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974100/; classtype:trojan-activity;sid:81837200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.180.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974097/; classtype:trojan-activity;sid:81837197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.175.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974096/; classtype:trojan-activity;sid:81837196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.191.192.59"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974095/; classtype:trojan-activity;sid:81837195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.227.117.87"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974093/; classtype:trojan-activity;sid:81837193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974094/; classtype:trojan-activity;sid:81837194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.149.204"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974092/; classtype:trojan-activity;sid:81837192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.69.85"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974091/; classtype:trojan-activity;sid:81837191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.122.112.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974090/; classtype:trojan-activity;sid:81837190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.45.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974089/; classtype:trojan-activity;sid:81837189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.92.91"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974088/; classtype:trojan-activity;sid:81837188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974086/; classtype:trojan-activity;sid:81837186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974087/; classtype:trojan-activity;sid:81837187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.149.153"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974085/; classtype:trojan-activity;sid:81837185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.30.1.158"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974084/; classtype:trojan-activity;sid:81837184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.70.255"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974082/; classtype:trojan-activity;sid:81837182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974083/; classtype:trojan-activity;sid:81837183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.44.152"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974081/; classtype:trojan-activity;sid:81837181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.163.119.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974080/; classtype:trojan-activity;sid:81837180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.45.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974079/; classtype:trojan-activity;sid:81837179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.165.247.118"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974078/; classtype:trojan-activity;sid:81837178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.36.171"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974077/; classtype:trojan-activity;sid:81837177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.64.39"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974076/; classtype:trojan-activity;sid:81837176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.109.33.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974075/; classtype:trojan-activity;sid:81837175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.168.185"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974074/; classtype:trojan-activity;sid:81837174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.154.93.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974073/; classtype:trojan-activity;sid:81837173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.91.254"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974072/; classtype:trojan-activity;sid:81837172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.230.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974070/; classtype:trojan-activity;sid:81837170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.14.248.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974068/; classtype:trojan-activity;sid:81837168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.202.39"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974071/; classtype:trojan-activity;sid:81837171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.42.45"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974069/; classtype:trojan-activity;sid:81837169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t/2/"; depth:5; endswith; nocase; http.host; content:"alugrama.com.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974066/; classtype:trojan-activity;sid:81837166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/q26/"; depth:8; endswith; nocase; http.host; content:"silkonbusiness.matrixinfotechsolution.com"; depth:41; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974064/; classtype:trojan-activity;sid:81837164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s6kscx/z/"; depth:10; endswith; nocase; http.host; content:"bbjugueteria.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974065/; classtype:trojan-activity;sid:81837165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/shy5t/"; depth:16; endswith; nocase; http.host; content:"www.bimception.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974067/; classtype:trojan-activity;sid:81837167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/fz/"; depth:16; endswith; nocase; http.host; content:"armakonarms.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974062/; classtype:trojan-activity;sid:81837162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/if/"; depth:15; endswith; nocase; http.host; content:"homecass.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974063/; classtype:trojan-activity;sid:81837163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/fxmme/"; depth:16; endswith; nocase; http.host; content:"coworkingplus.es"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974061/; classtype:trojan-activity;sid:81837161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.122.112.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974060/; classtype:trojan-activity;sid:81837160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.207.225.242"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974059/; classtype:trojan-activity;sid:81837159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.222.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974056/; classtype:trojan-activity;sid:81837156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.92.165.73"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974057/; classtype:trojan-activity;sid:81837157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.41.7.143"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974058/; classtype:trojan-activity;sid:81837158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.237.70"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974054/; classtype:trojan-activity;sid:81837154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.196.7"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974055/; classtype:trojan-activity;sid:81837155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.181.148"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974053/; classtype:trojan-activity;sid:81837153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.125.72.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974051/; classtype:trojan-activity;sid:81837151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.92.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974052/; classtype:trojan-activity;sid:81837152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.165.55.170"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974050/; classtype:trojan-activity;sid:81837150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.161.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974049/; classtype:trojan-activity;sid:81837149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.113.80.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974048/; classtype:trojan-activity;sid:81837148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.65.159"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974047/; classtype:trojan-activity;sid:81837147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.54.222"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974046/; classtype:trojan-activity;sid:81837146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.77.228"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974045/; classtype:trojan-activity;sid:81837145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.139.203.60"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974044/; classtype:trojan-activity;sid:81837144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.24.77.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974043/; classtype:trojan-activity;sid:81837143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.242.208.88"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974041/; classtype:trojan-activity;sid:81837141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.215.50"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974042/; classtype:trojan-activity;sid:81837142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.189.131"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974040/; classtype:trojan-activity;sid:81837140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.237.15.135"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974039/; classtype:trojan-activity;sid:81837139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.248.194.96"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974038/; classtype:trojan-activity;sid:81837138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.143.120.17"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974037/; classtype:trojan-activity;sid:81837137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.212.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974035/; classtype:trojan-activity;sid:81837135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.76"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974036/; classtype:trojan-activity;sid:81837136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.209.172"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974034/; classtype:trojan-activity;sid:81837134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.90.113"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974031/; classtype:trojan-activity;sid:81837131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.173.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974033/; classtype:trojan-activity;sid:81837133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.45.50"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974032/; classtype:trojan-activity;sid:81837132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.98.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974029/; classtype:trojan-activity;sid:81837129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.203.7.166"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974030/; classtype:trojan-activity;sid:81837130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.208.68"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974028/; classtype:trojan-activity;sid:81837128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.28.213"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974026/; classtype:trojan-activity;sid:81837126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.54.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974027/; classtype:trojan-activity;sid:81837127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.168.173"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974025/; classtype:trojan-activity;sid:81837125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.69.226"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974024/; classtype:trojan-activity;sid:81837124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.76.59"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974023/; classtype:trojan-activity;sid:81837123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.165.55.170"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974022/; classtype:trojan-activity;sid:81837122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.113.168.233"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974021/; classtype:trojan-activity;sid:81837121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.218.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974019/; classtype:trojan-activity;sid:81837119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.94.52"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974020/; classtype:trojan-activity;sid:81837120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.246.176.202"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974018/; classtype:trojan-activity;sid:81837118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.192.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974017/; classtype:trojan-activity;sid:81837117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.99.235.234"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974016/; classtype:trojan-activity;sid:81837116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974014/; classtype:trojan-activity;sid:81837114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.227.97.179"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974015/; classtype:trojan-activity;sid:81837115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.156.198"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974013/; classtype:trojan-activity;sid:81837113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.126.115"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974012/; classtype:trojan-activity;sid:81837112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.113.168.233"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974011/; classtype:trojan-activity;sid:81837111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.106.29"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974010/; classtype:trojan-activity;sid:81837110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.175.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974009/; classtype:trojan-activity;sid:81837109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.190.182"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974008/; classtype:trojan-activity;sid:81837108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.94.243"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974007/; classtype:trojan-activity;sid:81837107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"32.218.180.9"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974006/; classtype:trojan-activity;sid:81837106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.12.134"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974005/; classtype:trojan-activity;sid:81837105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.226.234"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974004/; classtype:trojan-activity;sid:81837104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.135.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974003/; classtype:trojan-activity;sid:81837103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.133.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974002/; classtype:trojan-activity;sid:81837102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.113.80.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974001/; classtype:trojan-activity;sid:81837101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (974000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.169.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/974000/; classtype:trojan-activity;sid:81837100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.147.146"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973999/; classtype:trojan-activity;sid:81837099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.56.13"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973998/; classtype:trojan-activity;sid:81837098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.239.180"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973996/; classtype:trojan-activity;sid:81837096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.159.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973997/; classtype:trojan-activity;sid:81837097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.105.184"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973995/; classtype:trojan-activity;sid:81837095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfggggghhhbgghfufutfdtdtdududrsihikfgf/rzxfenjk.exe"; depth:52; endswith; nocase; http.host; content:"eiffelmx.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973994/; classtype:trojan-activity;sid:81837094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.167.133"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973993/; classtype:trojan-activity;sid:81837093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.176.120"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973992/; classtype:trojan-activity;sid:81837092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.45.11"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973991/; classtype:trojan-activity;sid:81837091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.131"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973989/; classtype:trojan-activity;sid:81837089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.41.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973990/; classtype:trojan-activity;sid:81837090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.15.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973985/; classtype:trojan-activity;sid:81837085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.43.33"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973987/; classtype:trojan-activity;sid:81837087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.240.210"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973986/; classtype:trojan-activity;sid:81837086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.209.196.37"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973983/; classtype:trojan-activity;sid:81837083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.46.23.68"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973988/; classtype:trojan-activity;sid:81837088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.187.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973982/; classtype:trojan-activity;sid:81837082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.39.173"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973984/; classtype:trojan-activity;sid:81837084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.139.22"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973981/; classtype:trojan-activity;sid:81837081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.125.89.157"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973980/; classtype:trojan-activity;sid:81837080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.133.140.201"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973979/; classtype:trojan-activity;sid:81837079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.191.154.23"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973978/; classtype:trojan-activity;sid:81837078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.19.224"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973977/; classtype:trojan-activity;sid:81837077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.42.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973976/; classtype:trojan-activity;sid:81837076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.225.114.176"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973975/; classtype:trojan-activity;sid:81837075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.105.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973974/; classtype:trojan-activity;sid:81837074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973973/; classtype:trojan-activity;sid:81837073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/jgcws/"; depth:10; endswith; nocase; http.host; content:"admin.toppermaterial.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973972/; classtype:trojan-activity;sid:81837072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/iuheit/"; depth:22; endswith; nocase; http.host; content:"fultonandassociates.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973971/; classtype:trojan-activity;sid:81837071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/templates/g2ay/"; depth:16; endswith; nocase; http.host; content:"notebook03.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973967/; classtype:trojan-activity;sid:81837067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/9h1q/"; depth:10; endswith; nocase; http.host; content:"rosvt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973969/; classtype:trojan-activity;sid:81837069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benjamin-moore-xha9o/t/"; depth:24; endswith; nocase; http.host; content:"skver.net"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973968/; classtype:trojan-activity;sid:81837068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/fg1tm/"; depth:18; endswith; nocase; http.host; content:"www.pcsaha.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973970/; classtype:trojan-activity;sid:81837070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wwbj/"; depth:15; endswith; nocase; http.host; content:"zippywaytest.toppermaterial.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973966/; classtype:trojan-activity;sid:81837066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.17.97.167"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973965/; classtype:trojan-activity;sid:81837065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.176.244"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973964/; classtype:trojan-activity;sid:81837064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.191.145"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973963/; classtype:trojan-activity;sid:81837063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.246.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973961/; classtype:trojan-activity;sid:81837061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.243.189.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973962/; classtype:trojan-activity;sid:81837062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.161.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973960/; classtype:trojan-activity;sid:81837060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.151.32"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973959/; classtype:trojan-activity;sid:81837059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.66.40"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973958/; classtype:trojan-activity;sid:81837058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.205.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973955/; classtype:trojan-activity;sid:81837055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.83.79.74"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973957/; classtype:trojan-activity;sid:81837057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.144.128"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973956/; classtype:trojan-activity;sid:81837056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.59.180"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973953/; classtype:trojan-activity;sid:81837053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.105.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973954/; classtype:trojan-activity;sid:81837054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.184.154.129"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973952/; classtype:trojan-activity;sid:81837052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.150.9"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973950/; classtype:trojan-activity;sid:81837050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.50.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973951/; classtype:trojan-activity;sid:81837051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.30.1.150"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973949/; classtype:trojan-activity;sid:81837049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.205.127"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973948/; classtype:trojan-activity;sid:81837048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.126.253"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973947/; classtype:trojan-activity;sid:81837047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.78.39.12"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973946/; classtype:trojan-activity;sid:81837046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.250.65.248"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973943/; classtype:trojan-activity;sid:81837043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.27.6"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973945/; classtype:trojan-activity;sid:81837045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.138.41"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973941/; classtype:trojan-activity;sid:81837041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.230"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973942/; classtype:trojan-activity;sid:81837042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.188.187"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973944/; classtype:trojan-activity;sid:81837044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"46.182.173.246"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973938/; classtype:trojan-activity;sid:81837038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.216.19"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973939/; classtype:trojan-activity;sid:81837039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.71.250.166"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973940/; classtype:trojan-activity;sid:81837040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.110.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973937/; classtype:trojan-activity;sid:81837037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.87.88"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973936/; classtype:trojan-activity;sid:81837036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.24.30.172"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973935/; classtype:trojan-activity;sid:81837035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.41.89"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973934/; classtype:trojan-activity;sid:81837034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973933/; classtype:trojan-activity;sid:81837033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.210.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973932/; classtype:trojan-activity;sid:81837032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.127.77"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973930/; classtype:trojan-activity;sid:81837030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.141"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973931/; classtype:trojan-activity;sid:81837031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.169.61.96"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973929/; classtype:trojan-activity;sid:81837029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.206.133"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973928/; classtype:trojan-activity;sid:81837028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.90.130"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973927/; classtype:trojan-activity;sid:81837027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.117.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973923/; classtype:trojan-activity;sid:81837023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.141.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973926/; classtype:trojan-activity;sid:81837026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.226.237"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973924/; classtype:trojan-activity;sid:81837024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.206.67"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973922/; classtype:trojan-activity;sid:81837022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.106.201"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973925/; classtype:trojan-activity;sid:81837025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.65.185"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973921/; classtype:trojan-activity;sid:81837021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.92.81.30"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973920/; classtype:trojan-activity;sid:81837020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.215.211.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973919/; classtype:trojan-activity;sid:81837019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.204.87"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973918/; classtype:trojan-activity;sid:81837018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.167.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973917/; classtype:trojan-activity;sid:81837017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.113.55.20"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973915/; classtype:trojan-activity;sid:81837015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.138.4.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973916/; classtype:trojan-activity;sid:81837016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.167.44"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973914/; classtype:trojan-activity;sid:81837014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.238.119.239"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973912/; classtype:trojan-activity;sid:81837012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.94.189.107"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973911/; classtype:trojan-activity;sid:81837011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.224.244.241"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973910/; classtype:trojan-activity;sid:81837010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.44.80.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973913/; classtype:trojan-activity;sid:81837013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boletim8198415/674434/boletim749330374"; depth:39; endswith; nocase; http.host; content:"awrdrnriefr.efrivbcx.buzz"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973909/; classtype:trojan-activity;sid:81837009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/026/nfe-.pdf9f700a37y6g"; depth:24; endswith; nocase; http.host; content:"b8pot48ouhb.avisocentral10.monster"; depth:34; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973908/; classtype:trojan-activity;sid:81837008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.39.12"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973907/; classtype:trojan-activity;sid:81837007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.141.159.29"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973906/; classtype:trojan-activity;sid:81837006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.171.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973905/; classtype:trojan-activity;sid:81837005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3/sax.exe"; depth:10; endswith; nocase; http.host; content:"elincepaancepartizan.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973904/; classtype:trojan-activity;sid:81837004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973901/; classtype:trojan-activity;sid:81837001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.66.61"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973903/; classtype:trojan-activity;sid:81837003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.74.126"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973902/; classtype:trojan-activity;sid:81837002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.122.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973900/; classtype:trojan-activity;sid:81837000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.242.51.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973899/; classtype:trojan-activity;sid:81836999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.204.244"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973896/; classtype:trojan-activity;sid:81836996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.25.203"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973894/; classtype:trojan-activity;sid:81836994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.106.203.16"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973897/; classtype:trojan-activity;sid:81836997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.125.72.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973893/; classtype:trojan-activity;sid:81836993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.223.116"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973895/; classtype:trojan-activity;sid:81836995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.188.194.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973898/; classtype:trojan-activity;sid:81836998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.120.95"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973892/; classtype:trojan-activity;sid:81836992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.77.91"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973891/; classtype:trojan-activity;sid:81836991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.43.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973890/; classtype:trojan-activity;sid:81836990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.24.154.178"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973889/; classtype:trojan-activity;sid:81836989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.71.142"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973888/; classtype:trojan-activity;sid:81836988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuww/jvppp.exe"; depth:15; endswith; nocase; http.host; content:"ujkhhss.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973887/; classtype:trojan-activity;sid:81836987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973886/; classtype:trojan-activity;sid:81836986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stager/babmboa.php"; depth:19; endswith; nocase; http.host; content:"jvdattorney.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973885/; classtype:trojan-activity;sid:81836985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.43.64.158"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973884/; classtype:trojan-activity;sid:81836984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.4.168"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973883/; classtype:trojan-activity;sid:81836983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.118.10"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973882/; classtype:trojan-activity;sid:81836982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.36.119"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973881/; classtype:trojan-activity;sid:81836981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.10.201"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973880/; classtype:trojan-activity;sid:81836980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.65.72"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973879/; classtype:trojan-activity;sid:81836979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.164.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973878/; classtype:trojan-activity;sid:81836978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.82.251"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973877/; classtype:trojan-activity;sid:81836977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.40.107"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973876/; classtype:trojan-activity;sid:81836976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.15.89.18"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973875/; classtype:trojan-activity;sid:81836975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.63.180"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973871/; classtype:trojan-activity;sid:81836971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.91.178.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973874/; classtype:trojan-activity;sid:81836974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.188.102"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973873/; classtype:trojan-activity;sid:81836973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.232.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973872/; classtype:trojan-activity;sid:81836972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.3.211"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973870/; classtype:trojan-activity;sid:81836970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.237.90.186"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973869/; classtype:trojan-activity;sid:81836969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.61.216"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973865/; classtype:trojan-activity;sid:81836965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.99.64"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973866/; classtype:trojan-activity;sid:81836966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.212.210"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973868/; classtype:trojan-activity;sid:81836968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.68.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973867/; classtype:trojan-activity;sid:81836967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.38.201"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973864/; classtype:trojan-activity;sid:81836964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.228.229.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973863/; classtype:trojan-activity;sid:81836963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.95.100"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973862/; classtype:trojan-activity;sid:81836962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.73.62.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973861/; classtype:trojan-activity;sid:81836961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.169.45.28"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973860/; classtype:trojan-activity;sid:81836960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.15.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973857/; classtype:trojan-activity;sid:81836957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.135.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973859/; classtype:trojan-activity;sid:81836959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.154.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973858/; classtype:trojan-activity;sid:81836958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.14.20"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973856/; classtype:trojan-activity;sid:81836956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.164.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973854/; classtype:trojan-activity;sid:81836954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.36.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973855/; classtype:trojan-activity;sid:81836955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.83.230.67"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973853/; classtype:trojan-activity;sid:81836953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.202.163"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973852/; classtype:trojan-activity;sid:81836952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.88.211.131"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973851/; classtype:trojan-activity;sid:81836951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.95.107"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973849/; classtype:trojan-activity;sid:81836949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.178.242.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973850/; classtype:trojan-activity;sid:81836950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/7otp5/"; depth:16; endswith; nocase; http.host; content:"inhaustyle.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973848/; classtype:trojan-activity;sid:81836948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/23/"; depth:13; endswith; nocase; http.host; content:"cashstreamfinancial.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973847/; classtype:trojan-activity;sid:81836947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-nurse-ss8d9/z/"; depth:17; endswith; nocase; http.host; content:"technologydistilled.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973846/; classtype:trojan-activity;sid:81836946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egyptian-comedy-hiiro/as0/"; depth:27; endswith; nocase; http.host; content:"o7therapy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973843/; classtype:trojan-activity;sid:81836943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/vr0/"; depth:16; endswith; nocase; http.host; content:"signinsolution.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973842/; classtype:trojan-activity;sid:81836942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/b/"; depth:14; endswith; nocase; http.host; content:"elsadinc.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973845/; classtype:trojan-activity;sid:81836945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/5hkc3/"; depth:11; endswith; nocase; http.host; content:"jolifm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973844/; classtype:trojan-activity;sid:81836944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.43.196"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973841/; classtype:trojan-activity;sid:81836941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.119.189"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973840/; classtype:trojan-activity;sid:81836940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/8vejbvdx/"; depth:20; endswith; nocase; http.host; content:"wp01.devanshp.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973839/; classtype:trojan-activity;sid:81836939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"203.153.38.102"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973838/; classtype:trojan-activity;sid:81836938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.115.212"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973836/; classtype:trojan-activity;sid:81836936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/ludqf/"; depth:18; endswith; nocase; http.host; content:"e-medglobal.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973837/; classtype:trojan-activity;sid:81836937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/b/"; depth:12; endswith; nocase; http.host; content:"wz760.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973835/; classtype:trojan-activity;sid:81836935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.209.74.49"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973834/; classtype:trojan-activity;sid:81836934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/dcmisx8y/"; depth:22; endswith; nocase; http.host; content:"www.wangke9.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973833/; classtype:trojan-activity;sid:81836933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.44.251"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973832/; classtype:trojan-activity;sid:81836932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.231.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973831/; classtype:trojan-activity;sid:81836931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b3snr8a/"; depth:11; endswith; nocase; http.host; content:"jlzs.kuamn.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973830/; classtype:trojan-activity;sid:81836930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.18.149"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973829/; classtype:trojan-activity;sid:81836929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/mzihkwyre/"; depth:18; endswith; nocase; http.host; content:"www.ecobaby.es"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973828/; classtype:trojan-activity;sid:81836928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.73.60.106"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973825/; classtype:trojan-activity;sid:81836925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.66.149.230"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973827/; classtype:trojan-activity;sid:81836927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.68.122"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973826/; classtype:trojan-activity;sid:81836926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.70.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973824/; classtype:trojan-activity;sid:81836924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.66.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973823/; classtype:trojan-activity;sid:81836923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.139.119"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973822/; classtype:trojan-activity;sid:81836922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.28.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973821/; classtype:trojan-activity;sid:81836921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.83.78.11"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973819/; classtype:trojan-activity;sid:81836919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.152.42.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973818/; classtype:trojan-activity;sid:81836918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.192.42"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973817/; classtype:trojan-activity;sid:81836917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.196.116"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973820/; classtype:trojan-activity;sid:81836920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.114.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973815/; classtype:trojan-activity;sid:81836915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.221.22"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973816/; classtype:trojan-activity;sid:81836916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.139.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973814/; classtype:trojan-activity;sid:81836914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.23.39.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973813/; classtype:trojan-activity;sid:81836913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.27.160"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973812/; classtype:trojan-activity;sid:81836912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973811/; classtype:trojan-activity;sid:81836911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.161.90.253"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973810/; classtype:trojan-activity;sid:81836910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.75.71.28"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973809/; classtype:trojan-activity;sid:81836909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.3.20"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973807/; classtype:trojan-activity;sid:81836907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.202.112"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973806/; classtype:trojan-activity;sid:81836906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.62.143"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973805/; classtype:trojan-activity;sid:81836905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.122.105.26"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973808/; classtype:trojan-activity;sid:81836908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.149.126"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973804/; classtype:trojan-activity;sid:81836904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.66.80.23"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973803/; classtype:trojan-activity;sid:81836903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.38.201"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973801/; classtype:trojan-activity;sid:81836901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.220.159.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973802/; classtype:trojan-activity;sid:81836902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.209.207"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973800/; classtype:trojan-activity;sid:81836900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.130.90"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973799/; classtype:trojan-activity;sid:81836899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.27.234"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973798/; classtype:trojan-activity;sid:81836898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.158.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973797/; classtype:trojan-activity;sid:81836897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.61"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973795/; classtype:trojan-activity;sid:81836895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.40.44"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973796/; classtype:trojan-activity;sid:81836896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.192.83.88"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973792/; classtype:trojan-activity;sid:81836892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.181.60"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973793/; classtype:trojan-activity;sid:81836893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.162.181.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973794/; classtype:trojan-activity;sid:81836894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kobu.arm"; depth:9; endswith; nocase; http.host; content:"185.239.242.9"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973791/; classtype:trojan-activity;sid:81836891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.159.141.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973790/; classtype:trojan-activity;sid:81836890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.232.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973789/; classtype:trojan-activity;sid:81836889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciabins.sh"; depth:11; endswith; nocase; http.host; content:"46.249.33.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973788/; classtype:trojan-activity;sid:81836888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.248.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973787/; classtype:trojan-activity;sid:81836887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.47.54"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973786/; classtype:trojan-activity;sid:81836886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.94.77"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973785/; classtype:trojan-activity;sid:81836885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.46.46.255"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973783/; classtype:trojan-activity;sid:81836883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.95.51"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973784/; classtype:trojan-activity;sid:81836884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.13.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973782/; classtype:trojan-activity;sid:81836882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.69.168.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973781/; classtype:trojan-activity;sid:81836881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.42.97.147"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973780/; classtype:trojan-activity;sid:81836880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kkht1/"; depth:16; endswith; nocase; http.host; content:"www.91yudao.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973779/; classtype:trojan-activity;sid:81836879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/sucuri/lewfk/"; depth:33; endswith; nocase; http.host; content:"rbdck.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973778/; classtype:trojan-activity;sid:81836878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/a5g/"; depth:13; endswith; nocase; http.host; content:"uagritech.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973776/; classtype:trojan-activity;sid:81836876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/four-monks-acasz/o2my/"; depth:23; endswith; nocase; http.host; content:"yourcleanersurfaces.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973777/; classtype:trojan-activity;sid:81836877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/7gyt/"; depth:17; endswith; nocase; http.host; content:"fifacoinsbox.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973775/; classtype:trojan-activity;sid:81836875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alfacgiapi/q92a/"; depth:17; endswith; nocase; http.host; content:"seamart.info"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973774/; classtype:trojan-activity;sid:81836874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rustic-decor-1gbad/us/"; depth:23; endswith; nocase; http.host; content:"laymancoder.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973773/; classtype:trojan-activity;sid:81836873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.232.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973772/; classtype:trojan-activity;sid:81836872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.61.100.213"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973771/; classtype:trojan-activity;sid:81836871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.21.14"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973767/; classtype:trojan-activity;sid:81836867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.24.169"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973770/; classtype:trojan-activity;sid:81836870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.38.108"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973768/; classtype:trojan-activity;sid:81836868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.168.212"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973769/; classtype:trojan-activity;sid:81836869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.40.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973766/; classtype:trojan-activity;sid:81836866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.15.88.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973765/; classtype:trojan-activity;sid:81836865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.58.235"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973764/; classtype:trojan-activity;sid:81836864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973759/; classtype:trojan-activity;sid:81836859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.199.79.91"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973760/; classtype:trojan-activity;sid:81836860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.47.50"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973762/; classtype:trojan-activity;sid:81836862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.45.30"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973758/; classtype:trojan-activity;sid:81836858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.152.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973763/; classtype:trojan-activity;sid:81836863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.14.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973761/; classtype:trojan-activity;sid:81836861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.166.28"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973757/; classtype:trojan-activity;sid:81836857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"153.3.118.131"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973756/; classtype:trojan-activity;sid:81836856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.239.115.195"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973754/; classtype:trojan-activity;sid:81836854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.171.167"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973753/; classtype:trojan-activity;sid:81836853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.193.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973752/; classtype:trojan-activity;sid:81836852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.226"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973755/; classtype:trojan-activity;sid:81836855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.171.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973749/; classtype:trojan-activity;sid:81836849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.206.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973751/; classtype:trojan-activity;sid:81836851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.8.253.146"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973750/; classtype:trojan-activity;sid:81836850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.159.141.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973748/; classtype:trojan-activity;sid:81836848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.27.56"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973747/; classtype:trojan-activity;sid:81836847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.219.166.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973746/; classtype:trojan-activity;sid:81836846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.204.35"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973745/; classtype:trojan-activity;sid:81836845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.146.175"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973744/; classtype:trojan-activity;sid:81836844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.140.40"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973743/; classtype:trojan-activity;sid:81836843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.12.152"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973742/; classtype:trojan-activity;sid:81836842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.136.63"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973741/; classtype:trojan-activity;sid:81836841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.170.134"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973740/; classtype:trojan-activity;sid:81836840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.175.254"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973738/; classtype:trojan-activity;sid:81836838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.92.228"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973739/; classtype:trojan-activity;sid:81836839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.54.116.174"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973735/; classtype:trojan-activity;sid:81836835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.19.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973737/; classtype:trojan-activity;sid:81836837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.30.36"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973736/; classtype:trojan-activity;sid:81836836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php|3f|file=lv.exe"; depth:28; endswith; nocase; http.host; content:"vrsypcmlw03.top"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973734/; classtype:trojan-activity;sid:81836834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.142.103.236"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973733/; classtype:trojan-activity;sid:81836833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.34.176.117"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973732/; classtype:trojan-activity;sid:81836832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.67.185"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973730/; classtype:trojan-activity;sid:81836830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.115.148"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973729/; classtype:trojan-activity;sid:81836829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.204.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973726/; classtype:trojan-activity;sid:81836826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.192.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973728/; classtype:trojan-activity;sid:81836828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.173.245"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973727/; classtype:trojan-activity;sid:81836827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.112.39.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973731/; classtype:trojan-activity;sid:81836831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.151.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973725/; classtype:trojan-activity;sid:81836825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.7.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973724/; classtype:trojan-activity;sid:81836824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.95.21.27"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973723/; classtype:trojan-activity;sid:81836823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.88.242.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973722/; classtype:trojan-activity;sid:81836822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.126.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973720/; classtype:trojan-activity;sid:81836820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.99.197"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973721/; classtype:trojan-activity;sid:81836821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.70.208"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973719/; classtype:trojan-activity;sid:81836819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.57.129"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973718/; classtype:trojan-activity;sid:81836818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.1.218"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973717/; classtype:trojan-activity;sid:81836817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.218.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973716/; classtype:trojan-activity;sid:81836816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.49.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973715/; classtype:trojan-activity;sid:81836815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.180.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973714/; classtype:trojan-activity;sid:81836814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.175.100"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973713/; classtype:trojan-activity;sid:81836813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.137"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973712/; classtype:trojan-activity;sid:81836812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.98.204"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973710/; classtype:trojan-activity;sid:81836810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.212.151"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973711/; classtype:trojan-activity;sid:81836811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.118.136"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973709/; classtype:trojan-activity;sid:81836809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.114.126.146"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973708/; classtype:trojan-activity;sid:81836808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.28"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973707/; classtype:trojan-activity;sid:81836807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973706/; classtype:trojan-activity;sid:81836806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.209.173"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973705/; classtype:trojan-activity;sid:81836805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.206.39"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973704/; classtype:trojan-activity;sid:81836804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.119.56.120"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973703/; classtype:trojan-activity;sid:81836803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.17.218"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973702/; classtype:trojan-activity;sid:81836802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.226.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973701/; classtype:trojan-activity;sid:81836801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.86.11"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973700/; classtype:trojan-activity;sid:81836800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.211.169"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973699/; classtype:trojan-activity;sid:81836799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.57.129"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973698/; classtype:trojan-activity;sid:81836798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3/bbc.exe"; depth:10; endswith; nocase; http.host; content:"iffusedtrac.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973697/; classtype:trojan-activity;sid:81836797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkcmd/vbc.exe"; depth:14; endswith; nocase; http.host; content:"198.144.176.146"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973696/; classtype:trojan-activity;sid:81836796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.229.70"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973695/; classtype:trojan-activity;sid:81836795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.45.212"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973694/; classtype:trojan-activity;sid:81836794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.211.169"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973693/; classtype:trojan-activity;sid:81836793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.84.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973692/; classtype:trojan-activity;sid:81836792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chnsfrnd2/vbc.exe"; depth:18; endswith; nocase; http.host; content:"wsdychthreerecantink.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973691/; classtype:trojan-activity;sid:81836791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shen2doc/winlog.exe"; depth:20; endswith; nocase; http.host; content:"wsdyshgshg2induswsjg.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973690/; classtype:trojan-activity;sid:81836790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pan0ramic0.jpg"; depth:15; endswith; nocase; http.host; content:"www.electroniclog.bar"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973689/; classtype:trojan-activity;sid:81836789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xotlu9w9ulmmihcvnkhvzspqssmjbcww"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973688/; classtype:trojan-activity;sid:81836788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ty/janomo_jcznewo137.bin"; depth:25; endswith; nocase; http.host; content:"abidpasha.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973686/; classtype:trojan-activity;sid:81836786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=35400d1969c10bb9|7c|26|7c|resid=35400d1969c10bb9%21111|7c|26|7c|authkey=aoght3nbh-zf1ki"; depth:104; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973687/; classtype:trojan-activity;sid:81836787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/abdulx.scr"; depth:23; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973683/; classtype:trojan-activity;sid:81836783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/davincii.scr"; depth:25; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973685/; classtype:trojan-activity;sid:81836785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/pinterx.scr"; depth:24; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973684/; classtype:trojan-activity;sid:81836784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/patoto.pdf"; depth:14; endswith; nocase; http.host; content:"30pack.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973681/; classtype:trojan-activity;sid:81836781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.229.70"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973678/; classtype:trojan-activity;sid:81836778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/alex.scr"; depth:21; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973680/; classtype:trojan-activity;sid:81836780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/haitianx.scr"; depth:25; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973682/; classtype:trojan-activity;sid:81836782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/liamhugox.scr"; depth:26; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973679/; classtype:trojan-activity;sid:81836779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/dmitrix.scr"; depth:24; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973677/; classtype:trojan-activity;sid:81836777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973676/; classtype:trojan-activity;sid:81836776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.45.212"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973675/; classtype:trojan-activity;sid:81836775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/cic.exe"; depth:25; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973674/; classtype:trojan-activity;sid:81836774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.84.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973673/; classtype:trojan-activity;sid:81836773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973672/; classtype:trojan-activity;sid:81836772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.71.183"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973671/; classtype:trojan-activity;sid:81836771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pan0ramic0.jpg"; depth:15; endswith; nocase; http.host; content:"linelectriciti.casa"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973670/; classtype:trojan-activity;sid:81836770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.104.204"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973669/; classtype:trojan-activity;sid:81836769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.93.84"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973668/; classtype:trojan-activity;sid:81836768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.173.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973667/; classtype:trojan-activity;sid:81836767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.87.47"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973666/; classtype:trojan-activity;sid:81836766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.180.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973665/; classtype:trojan-activity;sid:81836765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/undelete360b.exe"; depth:17; endswith; nocase; http.host; content:"ppinetwork.online"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973664/; classtype:trojan-activity;sid:81836764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuww/jvppp.exe"; depth:15; endswith; nocase; http.host; content:"www.ujkhhss.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973663/; classtype:trojan-activity;sid:81836763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downfiles/lv.exe"; depth:17; endswith; nocase; http.host; content:"vrsypcmlw03.top"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973662/; classtype:trojan-activity;sid:81836762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/fine.jpg"; depth:13; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973661/; classtype:trojan-activity;sid:81836761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/bolin.jpg"; depth:14; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973659/; classtype:trojan-activity;sid:81836759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3.dll"; depth:7; endswith; nocase; http.host; content:"hindi.factsriver.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973660/; classtype:trojan-activity;sid:81836760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.239.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973657/; classtype:trojan-activity;sid:81836757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/derry.jpg"; depth:14; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973656/; classtype:trojan-activity;sid:81836756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/jor.jpg"; depth:12; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973658/; classtype:trojan-activity;sid:81836758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/8.jpg"; depth:10; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973650/; classtype:trojan-activity;sid:81836750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/friend.jpg"; depth:15; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973654/; classtype:trojan-activity;sid:81836754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sec/gil.jpg"; depth:12; endswith; nocase; http.host; content:"209.250.243.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973652/; classtype:trojan-activity;sid:81836752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.255.226.166"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973653/; classtype:trojan-activity;sid:81836753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.214.254"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973649/; classtype:trojan-activity;sid:81836749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.90.71"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973651/; classtype:trojan-activity;sid:81836751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shop/22601600012/c3.dll"; depth:24; endswith; nocase; http.host; content:"minishop.in"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973655/; classtype:trojan-activity;sid:81836755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"46.249.33.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973648/; classtype:trojan-activity;sid:81836748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.37"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973647/; classtype:trojan-activity;sid:81836747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.241.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973646/; classtype:trojan-activity;sid:81836746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.80.72.187"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973645/; classtype:trojan-activity;sid:81836745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.255.226.166"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973644/; classtype:trojan-activity;sid:81836744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.219.150.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973643/; classtype:trojan-activity;sid:81836743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.241.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973642/; classtype:trojan-activity;sid:81836742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.188.241.219"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973641/; classtype:trojan-activity;sid:81836741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.34.114"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973640/; classtype:trojan-activity;sid:81836740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.164.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973638/; classtype:trojan-activity;sid:81836738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.139.191"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973639/; classtype:trojan-activity;sid:81836739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.250.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973635/; classtype:trojan-activity;sid:81836735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973636/; classtype:trojan-activity;sid:81836736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.174"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973637/; classtype:trojan-activity;sid:81836737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.115.175.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973634/; classtype:trojan-activity;sid:81836734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.173.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973633/; classtype:trojan-activity;sid:81836733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973630/; classtype:trojan-activity;sid:81836730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.198.179"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973632/; classtype:trojan-activity;sid:81836732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.236.119"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973629/; classtype:trojan-activity;sid:81836729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.70.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973631/; classtype:trojan-activity;sid:81836731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.20.203.163"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973628/; classtype:trojan-activity;sid:81836728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.103.81.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973627/; classtype:trojan-activity;sid:81836727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.139.193.197"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973626/; classtype:trojan-activity;sid:81836726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.219.150.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973625/; classtype:trojan-activity;sid:81836725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.37"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973624/; classtype:trojan-activity;sid:81836724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.103.81.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973623/; classtype:trojan-activity;sid:81836723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.73.50"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973622/; classtype:trojan-activity;sid:81836722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.20.203.163"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973621/; classtype:trojan-activity;sid:81836721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.160.15"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973620/; classtype:trojan-activity;sid:81836720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.196.115"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973619/; classtype:trojan-activity;sid:81836719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.88.199"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973618/; classtype:trojan-activity;sid:81836718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.163.119.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973617/; classtype:trojan-activity;sid:81836717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973616/; classtype:trojan-activity;sid:81836716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973615/; classtype:trojan-activity;sid:81836715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973612/; classtype:trojan-activity;sid:81836712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973610/; classtype:trojan-activity;sid:81836710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973614/; classtype:trojan-activity;sid:81836714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973611/; classtype:trojan-activity;sid:81836711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973613/; classtype:trojan-activity;sid:81836713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973609/; classtype:trojan-activity;sid:81836709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973608/; classtype:trojan-activity;sid:81836708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973607/; classtype:trojan-activity;sid:81836707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973606/; classtype:trojan-activity;sid:81836706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973604/; classtype:trojan-activity;sid:81836704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"209.141.60.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973605/; classtype:trojan-activity;sid:81836705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.121"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973603/; classtype:trojan-activity;sid:81836703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.252.9.37"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973602/; classtype:trojan-activity;sid:81836702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.93.254.217"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973601/; classtype:trojan-activity;sid:81836701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.93.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973600/; classtype:trojan-activity;sid:81836700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuc/fuc.arm"; depth:12; endswith; nocase; http.host; content:"185.172.110.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973598/; classtype:trojan-activity;sid:81836698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuc/fuc.arm7"; depth:13; endswith; nocase; http.host; content:"185.172.110.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973599/; classtype:trojan-activity;sid:81836699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.88.233.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973597/; classtype:trojan-activity;sid:81836697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.121"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973596/; classtype:trojan-activity;sid:81836696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/qwoxgkeaxpmodflrmqgtb1vxp2hyuiqqcatadbxazlji1pwjmusekjbgtgocxarjt8/"; depth:70; endswith; nocase; http.host; content:"qmh333.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973595/; classtype:trojan-activity;sid:81836695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/notwcrkvib2wfn4rp62ki34op814y7gobb0osu8hc/"; depth:55; endswith; nocase; http.host; content:"www.bdshuang.cn"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973594/; classtype:trojan-activity;sid:81836694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/application/uxltck58c1xrrcu4xj7eqjldcpnnln/"; depth:44; endswith; nocase; http.host; content:"jzsubao.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973593/; classtype:trojan-activity;sid:81836693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/rm7yv3assvd1hoeknmmqx6i3ixwwextvddcoa5/"; depth:51; endswith; nocase; http.host; content:"dryaquelingrdo.softdesigns.org"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973592/; classtype:trojan-activity;sid:81836692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/zj3qqdv84ixahpvypx638dlfgrohbzmjlymn5cvzdmz2jbsaelbhkejtxoxt/"; depth:73; endswith; nocase; http.host; content:"nafis24.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973591/; classtype:trojan-activity;sid:81836691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973590/; classtype:trojan-activity;sid:81836690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.93.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973589/; classtype:trojan-activity;sid:81836689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.174"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973588/; classtype:trojan-activity;sid:81836688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973587/; classtype:trojan-activity;sid:81836687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.104.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973585/; classtype:trojan-activity;sid:81836685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.4.170.3"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973586/; classtype:trojan-activity;sid:81836686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.4.170.3"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973584/; classtype:trojan-activity;sid:81836684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.122.112.15"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973583/; classtype:trojan-activity;sid:81836683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.173.58.82"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973582/; classtype:trojan-activity;sid:81836682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.100.142"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973581/; classtype:trojan-activity;sid:81836681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.73.203"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973580/; classtype:trojan-activity;sid:81836680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.2.248"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973579/; classtype:trojan-activity;sid:81836679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.234.171.92"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973578/; classtype:trojan-activity;sid:81836678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.226.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973577/; classtype:trojan-activity;sid:81836677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.122.112.15"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973576/; classtype:trojan-activity;sid:81836676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.166.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973575/; classtype:trojan-activity;sid:81836675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.110.221.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973574/; classtype:trojan-activity;sid:81836674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.84.215.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973571/; classtype:trojan-activity;sid:81836671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.216.235.175"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973573/; classtype:trojan-activity;sid:81836673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.174.122.126"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973572/; classtype:trojan-activity;sid:81836672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.158.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973570/; classtype:trojan-activity;sid:81836670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.238.89"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973568/; classtype:trojan-activity;sid:81836668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.194.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973569/; classtype:trojan-activity;sid:81836669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.139.238"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973566/; classtype:trojan-activity;sid:81836666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.11.68.139"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973567/; classtype:trojan-activity;sid:81836667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.40.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973564/; classtype:trojan-activity;sid:81836664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.67.225.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973565/; classtype:trojan-activity;sid:81836665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.147.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973563/; classtype:trojan-activity;sid:81836663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.229.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973560/; classtype:trojan-activity;sid:81836660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.37.52"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973562/; classtype:trojan-activity;sid:81836662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.160.53"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973561/; classtype:trojan-activity;sid:81836661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.85.199.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973559/; classtype:trojan-activity;sid:81836659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.211.18.87"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973558/; classtype:trojan-activity;sid:81836658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.173.58.82"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973557/; classtype:trojan-activity;sid:81836657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.203.179"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973556/; classtype:trojan-activity;sid:81836656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.97.139.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973555/; classtype:trojan-activity;sid:81836655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.135.201.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973554/; classtype:trojan-activity;sid:81836654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.120.15.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973553/; classtype:trojan-activity;sid:81836653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.97.139.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973552/; classtype:trojan-activity;sid:81836652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.142.0.55"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973551/; classtype:trojan-activity;sid:81836651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.47.41.166"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973550/; classtype:trojan-activity;sid:81836650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rlrtqe"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973549/; classtype:trojan-activity;sid:81836649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bxdlmi"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973547/; classtype:trojan-activity;sid:81836647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqlakm"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973546/; classtype:trojan-activity;sid:81836646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxftvi"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973548/; classtype:trojan-activity;sid:81836648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qokcon"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973544/; classtype:trojan-activity;sid:81836644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uybnji"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973545/; classtype:trojan-activity;sid:81836645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yeansn"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973543/; classtype:trojan-activity;sid:81836643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.144.190"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973542/; classtype:trojan-activity;sid:81836642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rysypg"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973541/; classtype:trojan-activity;sid:81836641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuwenb"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973540/; classtype:trojan-activity;sid:81836640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eoxmkb"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973538/; classtype:trojan-activity;sid:81836638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghpmuy"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973536/; classtype:trojan-activity;sid:81836636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vvahia"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973539/; classtype:trojan-activity;sid:81836639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wkomqp"; depth:7; endswith; nocase; http.host; content:"46.101.131.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973537/; classtype:trojan-activity;sid:81836637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.142.0.55"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973535/; classtype:trojan-activity;sid:81836635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.144.190"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973534/; classtype:trojan-activity;sid:81836634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.17.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973533/; classtype:trojan-activity;sid:81836633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.75.35"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973532/; classtype:trojan-activity;sid:81836632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.201.225.110"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973531/; classtype:trojan-activity;sid:81836631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.156.159.64"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973530/; classtype:trojan-activity;sid:81836630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.156.159.64"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973529/; classtype:trojan-activity;sid:81836629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.17.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973528/; classtype:trojan-activity;sid:81836628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.200"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973527/; classtype:trojan-activity;sid:81836627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.125.31"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973526/; classtype:trojan-activity;sid:81836626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.56.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973525/; classtype:trojan-activity;sid:81836625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.125.31"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973524/; classtype:trojan-activity;sid:81836624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.2.214.230"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973523/; classtype:trojan-activity;sid:81836623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.19.58.108"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973522/; classtype:trojan-activity;sid:81836622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.244.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973521/; classtype:trojan-activity;sid:81836621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.200"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973520/; classtype:trojan-activity;sid:81836620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.246.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973519/; classtype:trojan-activity;sid:81836619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.60.194"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973518/; classtype:trojan-activity;sid:81836618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.58.42.70"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973517/; classtype:trojan-activity;sid:81836617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.244.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973516/; classtype:trojan-activity;sid:81836616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.246.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973515/; classtype:trojan-activity;sid:81836615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.249.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973514/; classtype:trojan-activity;sid:81836614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.84.16"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973513/; classtype:trojan-activity;sid:81836613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.140.145"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973512/; classtype:trojan-activity;sid:81836612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.121.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973511/; classtype:trojan-activity;sid:81836611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.188.241.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973509/; classtype:trojan-activity;sid:81836609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.73.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973510/; classtype:trojan-activity;sid:81836610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.49.99"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973506/; classtype:trojan-activity;sid:81836606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.73.186"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973508/; classtype:trojan-activity;sid:81836608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.122.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973507/; classtype:trojan-activity;sid:81836607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.181.75.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973503/; classtype:trojan-activity;sid:81836603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.104.87"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973504/; classtype:trojan-activity;sid:81836604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.79.211"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973505/; classtype:trojan-activity;sid:81836605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.48.17"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973502/; classtype:trojan-activity;sid:81836602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.11.85.78"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973501/; classtype:trojan-activity;sid:81836601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.19.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973500/; classtype:trojan-activity;sid:81836600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.96.75.28"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973499/; classtype:trojan-activity;sid:81836599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.12.67.73"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973497/; classtype:trojan-activity;sid:81836597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.31.245"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973496/; classtype:trojan-activity;sid:81836596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973495/; classtype:trojan-activity;sid:81836595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.165.129.9"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_22; reference:url, urlhaus.abuse.ch/url/973498/; classtype:trojan-activity;sid:81836598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.166.188.63"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973494/; classtype:trojan-activity;sid:81836594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.84.16"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973493/; classtype:trojan-activity;sid:81836593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.242.150.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973492/; classtype:trojan-activity;sid:81836592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.140.145"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973491/; classtype:trojan-activity;sid:81836591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.249.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973490/; classtype:trojan-activity;sid:81836590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.132.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973489/; classtype:trojan-activity;sid:81836589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.166.188.63"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973488/; classtype:trojan-activity;sid:81836588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.242.150.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973487/; classtype:trojan-activity;sid:81836587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.170.84.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973486/; classtype:trojan-activity;sid:81836586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.132.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973485/; classtype:trojan-activity;sid:81836585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.67.4.202"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973484/; classtype:trojan-activity;sid:81836584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.142"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973483/; classtype:trojan-activity;sid:81836583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.210.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973482/; classtype:trojan-activity;sid:81836582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exmpjzwsb/5555555555.jpg"; depth:25; endswith; nocase; http.host; content:"christiecentre.com.au"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973481/; classtype:trojan-activity;sid:81836581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwqbfbse/5555555555.jpg"; depth:24; endswith; nocase; http.host; content:"themagicalfortress.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973480/; classtype:trojan-activity;sid:81836580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yhnqj/5555555555.jpg"; depth:21; endswith; nocase; http.host; content:"indianhealthtrust.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973479/; classtype:trojan-activity;sid:81836579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdmhgbfhfwq/5555555555.jpg"; depth:27; endswith; nocase; http.host; content:"destock-optic.fr"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973478/; classtype:trojan-activity;sid:81836578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.216.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973477/; classtype:trojan-activity;sid:81836577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.210.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973476/; classtype:trojan-activity;sid:81836576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.47.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973475/; classtype:trojan-activity;sid:81836575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.227.247.149"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973474/; classtype:trojan-activity;sid:81836574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.142"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973473/; classtype:trojan-activity;sid:81836573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.216.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973472/; classtype:trojan-activity;sid:81836572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.59.47.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973471/; classtype:trojan-activity;sid:81836571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.211.51.143"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973470/; classtype:trojan-activity;sid:81836570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.105.250.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973469/; classtype:trojan-activity;sid:81836569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.24.76.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973468/; classtype:trojan-activity;sid:81836568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.134.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973467/; classtype:trojan-activity;sid:81836567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"173.220.222.227"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973465/; classtype:trojan-activity;sid:81836565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973466/; classtype:trojan-activity;sid:81836566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.51.123.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973464/; classtype:trojan-activity;sid:81836564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.134.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973463/; classtype:trojan-activity;sid:81836563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.8.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973462/; classtype:trojan-activity;sid:81836562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.60.241"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973461/; classtype:trojan-activity;sid:81836561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.227.247.149"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973460/; classtype:trojan-activity;sid:81836560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.8.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973459/; classtype:trojan-activity;sid:81836559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.7.150"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973458/; classtype:trojan-activity;sid:81836558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.81.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973457/; classtype:trojan-activity;sid:81836557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.54.93"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973455/; classtype:trojan-activity;sid:81836555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.225.54.95"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973456/; classtype:trojan-activity;sid:81836556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.139.133"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973454/; classtype:trojan-activity;sid:81836554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.89.191.211"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973453/; classtype:trojan-activity;sid:81836553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973452/; classtype:trojan-activity;sid:81836552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.25.140.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973451/; classtype:trojan-activity;sid:81836551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.10.157"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973450/; classtype:trojan-activity;sid:81836550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.159.189"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973449/; classtype:trojan-activity;sid:81836549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.127.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973448/; classtype:trojan-activity;sid:81836548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.196.14"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973445/; classtype:trojan-activity;sid:81836545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.82.170"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973446/; classtype:trojan-activity;sid:81836546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.141.234.163"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973444/; classtype:trojan-activity;sid:81836544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.8.179"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973447/; classtype:trojan-activity;sid:81836547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.75.134.58"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973443/; classtype:trojan-activity;sid:81836543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.10.136"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973442/; classtype:trojan-activity;sid:81836542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.195.185"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973441/; classtype:trojan-activity;sid:81836541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.243.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973440/; classtype:trojan-activity;sid:81836540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.134.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973439/; classtype:trojan-activity;sid:81836539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.61"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973438/; classtype:trojan-activity;sid:81836538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.123.28"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973437/; classtype:trojan-activity;sid:81836537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.123.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973436/; classtype:trojan-activity;sid:81836536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.60.241"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973435/; classtype:trojan-activity;sid:81836535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.127.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973434/; classtype:trojan-activity;sid:81836534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.174.69.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973433/; classtype:trojan-activity;sid:81836533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.243.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973432/; classtype:trojan-activity;sid:81836532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.134.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973431/; classtype:trojan-activity;sid:81836531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.123.28"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973430/; classtype:trojan-activity;sid:81836530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.226.147.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973429/; classtype:trojan-activity;sid:81836529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.255.6"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973428/; classtype:trojan-activity;sid:81836528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.174.69.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973427/; classtype:trojan-activity;sid:81836527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.127.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973426/; classtype:trojan-activity;sid:81836526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.219.175.26"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973425/; classtype:trojan-activity;sid:81836525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.178.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973424/; classtype:trojan-activity;sid:81836524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.124.160.124"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973423/; classtype:trojan-activity;sid:81836523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.127.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973422/; classtype:trojan-activity;sid:81836522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.182.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973420/; classtype:trojan-activity;sid:81836520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.55.64"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973421/; classtype:trojan-activity;sid:81836521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.255.143.66"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973419/; classtype:trojan-activity;sid:81836519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.174.25"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973418/; classtype:trojan-activity;sid:81836518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.178.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973417/; classtype:trojan-activity;sid:81836517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.206.189"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973416/; classtype:trojan-activity;sid:81836516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.172.28"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973415/; classtype:trojan-activity;sid:81836515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.42.72"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973414/; classtype:trojan-activity;sid:81836514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.219.175.26"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973413/; classtype:trojan-activity;sid:81836513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.255.6"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973412/; classtype:trojan-activity;sid:81836512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.55.64"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973411/; classtype:trojan-activity;sid:81836511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.199.156.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973410/; classtype:trojan-activity;sid:81836510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.124.160.124"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973409/; classtype:trojan-activity;sid:81836509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.182.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973408/; classtype:trojan-activity;sid:81836508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.174.25"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973407/; classtype:trojan-activity;sid:81836507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.206.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973406/; classtype:trojan-activity;sid:81836506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.91.93"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973405/; classtype:trojan-activity;sid:81836505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.200.97"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973404/; classtype:trojan-activity;sid:81836504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.162.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973403/; classtype:trojan-activity;sid:81836503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.192"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973402/; classtype:trojan-activity;sid:81836502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.98.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973401/; classtype:trojan-activity;sid:81836501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.206.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973400/; classtype:trojan-activity;sid:81836500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.109.25"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973399/; classtype:trojan-activity;sid:81836499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.91.93"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973398/; classtype:trojan-activity;sid:81836498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.162.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973397/; classtype:trojan-activity;sid:81836497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.98.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973396/; classtype:trojan-activity;sid:81836496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.22.145"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973395/; classtype:trojan-activity;sid:81836495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.78.219"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973394/; classtype:trojan-activity;sid:81836494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1ivfjx6rrnsoelsh7alfg7to1hipcip0p|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973393/; classtype:trojan-activity;sid:81836493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.47.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973392/; classtype:trojan-activity;sid:81836492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.34.252.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973391/; classtype:trojan-activity;sid:81836491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/arm"; depth:14; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973383/; classtype:trojan-activity;sid:81836483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/arm6"; depth:15; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973386/; classtype:trojan-activity;sid:81836486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/arm7"; depth:15; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973385/; classtype:trojan-activity;sid:81836485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/m68k"; depth:15; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973384/; classtype:trojan-activity;sid:81836484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/mips"; depth:15; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973389/; classtype:trojan-activity;sid:81836489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/mpsl"; depth:15; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973387/; classtype:trojan-activity;sid:81836487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/ppc"; depth:14; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973382/; classtype:trojan-activity;sid:81836482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/sh4"; depth:14; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973390/; classtype:trojan-activity;sid:81836490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/x86"; depth:14; endswith; nocase; http.host; content:"13.127.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973388/; classtype:trojan-activity;sid:81836488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.78.219"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973381/; classtype:trojan-activity;sid:81836481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.68.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973380/; classtype:trojan-activity;sid:81836480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.130.29.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973379/; classtype:trojan-activity;sid:81836479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.199.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973378/; classtype:trojan-activity;sid:81836478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.36.0.162"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973376/; classtype:trojan-activity;sid:81836476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.202.163"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973377/; classtype:trojan-activity;sid:81836477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.54.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973374/; classtype:trojan-activity;sid:81836474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.248.192.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973375/; classtype:trojan-activity;sid:81836475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.171.157"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973373/; classtype:trojan-activity;sid:81836473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.26.89.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973369/; classtype:trojan-activity;sid:81836469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.253.139"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973371/; classtype:trojan-activity;sid:81836471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.174.11"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973370/; classtype:trojan-activity;sid:81836470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaladoc/vbc.exe"; depth:16; endswith; nocase; http.host; content:"kalamikwsdyonlinwtmg.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973372/; classtype:trojan-activity;sid:81836472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.123.239.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973368/; classtype:trojan-activity;sid:81836468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.30.1.194"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973366/; classtype:trojan-activity;sid:81836466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.8.205"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973364/; classtype:trojan-activity;sid:81836464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.151.32"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973367/; classtype:trojan-activity;sid:81836467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.220.235"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973365/; classtype:trojan-activity;sid:81836465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.34.252.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973363/; classtype:trojan-activity;sid:81836463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/receipmt/regasm.exe"; depth:20; endswith; nocase; http.host; content:"mslogwsdyinvestmntws.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973361/; classtype:trojan-activity;sid:81836461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibidoc/regasm.exe"; depth:18; endswith; nocase; http.host; content:"wsdyibgreenkeghewsyt.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973362/; classtype:trojan-activity;sid:81836462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workedgames/worked/worked.exe"; depth:30; endswith; nocase; http.host; content:"workedgames.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973360/; classtype:trojan-activity;sid:81836460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workedgames/games/games.exe"; depth:28; endswith; nocase; http.host; content:"workedgames.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973359/; classtype:trojan-activity;sid:81836459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkts/d1.exe"; depth:12; endswith; nocase; http.host; content:"35.159.22.77"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973357/; classtype:trojan-activity;sid:81836457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkts/d2.exe"; depth:12; endswith; nocase; http.host; content:"35.159.22.77"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973358/; classtype:trojan-activity;sid:81836458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.22.145"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973356/; classtype:trojan-activity;sid:81836456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nanoserver%202021_fbios39.bin"; depth:30; endswith; nocase; http.host; content:"bopheloclub.org"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973355/; classtype:trojan-activity;sid:81836455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uvtkxnkg39p81cau8joskwc92bwd8jgj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973353/; classtype:trojan-activity;sid:81836453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zqng20kb6tvhdx4p6vr__gcsz_g-1ffz"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973354/; classtype:trojan-activity;sid:81836454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/remcos-72_ldwek106.bin"; depth:23; endswith; nocase; http.host; content:"bopheloclub.org"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973352/; classtype:trojan-activity;sid:81836452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/bin_frqgqem78.bin"; depth:37; endswith; nocase; http.host; content:"leinehoomwp.bstudev.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973351/; classtype:trojan-activity;sid:81836451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.24.28.41"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973350/; classtype:trojan-activity;sid:81836450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.216.250"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973349/; classtype:trojan-activity;sid:81836449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bestof/gfers.exe"; depth:17; endswith; nocase; http.host; content:"noabuseshere.top"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973348/; classtype:trojan-activity;sid:81836448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.72.87.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973347/; classtype:trojan-activity;sid:81836447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.216.250"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973346/; classtype:trojan-activity;sid:81836446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.139.135"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973345/; classtype:trojan-activity;sid:81836445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.68.219"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973344/; classtype:trojan-activity;sid:81836444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.24.28.41"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973343/; classtype:trojan-activity;sid:81836443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.72.87.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973342/; classtype:trojan-activity;sid:81836442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.175.159"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973341/; classtype:trojan-activity;sid:81836441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.107.119.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973340/; classtype:trojan-activity;sid:81836440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/controller/event/q1/img_04017.pdf"; depth:40; endswith; nocase; http.host; content:"m-technics.kz"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973339/; classtype:trojan-activity;sid:81836439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.107.119.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973338/; classtype:trojan-activity;sid:81836438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc7356a3333e6999999999/init.sh"; depth:31; endswith; nocase; http.host; content:"82.202.66.50"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973337/; classtype:trojan-activity;sid:81836437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxju3zoy.rar"; depth:13; endswith; nocase; http.host; content:"n3avigate.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973336/; classtype:trojan-activity;sid:81836436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ww6takt0.zip"; depth:13; endswith; nocase; http.host; content:"thedesiphotographer.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973335/; classtype:trojan-activity;sid:81836435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro8lb0d.rar"; depth:12; endswith; nocase; http.host; content:"drapac.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973334/; classtype:trojan-activity;sid:81836434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jfea0e.rar"; depth:11; endswith; nocase; http.host; content:"annocart.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973329/; classtype:trojan-activity;sid:81836429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0mza6.zip"; depth:11; endswith; nocase; http.host; content:"hechiceriadeamormaestrabelen.com.hechiceriadeamormaestrabelen.com"; depth:65; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973333/; classtype:trojan-activity;sid:81836433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r72vl8s.zip"; depth:12; endswith; nocase; http.host; content:"love2.ivpr.org"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973327/; classtype:trojan-activity;sid:81836427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqfc6rf.zip"; depth:12; endswith; nocase; http.host; content:"myvisualtrade.dpstore.retailcube.eu"; depth:35; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973328/; classtype:trojan-activity;sid:81836428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idyd7wsi3.rar"; depth:14; endswith; nocase; http.host; content:"ns1.data-hub.in"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973332/; classtype:trojan-activity;sid:81836432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fma6kgeu.zip"; depth:13; endswith; nocase; http.host; content:"paradise-girl69.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973331/; classtype:trojan-activity;sid:81836431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eps75z5u.zip"; depth:13; endswith; nocase; http.host; content:"puppy.zumatra.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973330/; classtype:trojan-activity;sid:81836430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cool/mfpvt-ficheroes.zip"; depth:25; endswith; nocase; http.host; content:"fubbr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973326/; classtype:trojan-activity;sid:81836426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/ezemeneroaelenozi.djx"; depth:27; endswith; nocase; http.host; content:"web.groupe-convergence.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973325/; classtype:trojan-activity;sid:81836425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.175.159"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973324/; classtype:trojan-activity;sid:81836424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.246.178.200"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973323/; classtype:trojan-activity;sid:81836423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.15.39"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973322/; classtype:trojan-activity;sid:81836422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.94.110"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973321/; classtype:trojan-activity;sid:81836421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vidbox_setup.exe"; depth:17; endswith; nocase; http.host; content:"45.137.148.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973320/; classtype:trojan-activity;sid:81836420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.64.220"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973319/; classtype:trojan-activity;sid:81836419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.33.94.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973318/; classtype:trojan-activity;sid:81836418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.232.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973317/; classtype:trojan-activity;sid:81836417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.190.46"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973316/; classtype:trojan-activity;sid:81836416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nitedoc/vbc.exe"; depth:16; endswith; nocase; http.host; content:"wsdynitengymndynatin.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973315/; classtype:trojan-activity;sid:81836415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"75.33.94.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973314/; classtype:trojan-activity;sid:81836414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.87.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973313/; classtype:trojan-activity;sid:81836413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.45.11.198"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973312/; classtype:trojan-activity;sid:81836412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.232.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973311/; classtype:trojan-activity;sid:81836411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.124.120"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973310/; classtype:trojan-activity;sid:81836410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qc2kbs.zip"; depth:11; endswith; nocase; http.host; content:"staging.apparelpunch.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973309/; classtype:trojan-activity;sid:81836409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hknmwj.zip"; depth:11; endswith; nocase; http.host; content:"stellarum.com.br"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973306/; classtype:trojan-activity;sid:81836406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voa61g.zip"; depth:11; endswith; nocase; http.host; content:"aviso2.grupoint.com.ec"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973307/; classtype:trojan-activity;sid:81836407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pzozyqm.zip"; depth:12; endswith; nocase; http.host; content:"jrscap.in"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973308/; classtype:trojan-activity;sid:81836408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o9q4s4k1.rar"; depth:13; endswith; nocase; http.host; content:"sunfiltre.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973305/; classtype:trojan-activity;sid:81836405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or3peb.rar"; depth:11; endswith; nocase; http.host; content:"shopandmartonline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973304/; classtype:trojan-activity;sid:81836404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svym5f3.rar"; depth:12; endswith; nocase; http.host; content:"xpectral.xpectral-peru.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973303/; classtype:trojan-activity;sid:81836403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bqnolqodx.zip"; depth:14; endswith; nocase; http.host; content:"demo.edu-desk.net"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973302/; classtype:trojan-activity;sid:81836402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clh6qq.zip"; depth:11; endswith; nocase; http.host; content:"creditoenusa.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973301/; classtype:trojan-activity;sid:81836401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k7e1ga.rar"; depth:11; endswith; nocase; http.host; content:"new.aesthetic.com.co"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973300/; classtype:trojan-activity;sid:81836400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc1eq9z.zip"; depth:12; endswith; nocase; http.host; content:"creativemediamw.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973299/; classtype:trojan-activity;sid:81836399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s2j60o.zip"; depth:11; endswith; nocase; http.host; content:"digitainment.com.np"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973298/; classtype:trojan-activity;sid:81836398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.164.5"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973297/; classtype:trojan-activity;sid:81836397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohqo96q7.rar"; depth:13; endswith; nocase; http.host; content:"betavitamines.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973296/; classtype:trojan-activity;sid:81836396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.232.17.216"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973295/; classtype:trojan-activity;sid:81836395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.21.6.162"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973294/; classtype:trojan-activity;sid:81836394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.23.24.187"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973293/; classtype:trojan-activity;sid:81836393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z7ijc2en2.rar"; depth:14; endswith; nocase; http.host; content:"acessoriodasorveteria.com.br"; depth:28; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973292/; classtype:trojan-activity;sid:81836392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gjeicn6u9.rar"; depth:14; endswith; nocase; http.host; content:"reliablelifts.co.in"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973291/; classtype:trojan-activity;sid:81836391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravaqf1g.rar"; depth:13; endswith; nocase; http.host; content:"calgaryinfillsguide.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973289/; classtype:trojan-activity;sid:81836389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/th7etz.rar"; depth:11; endswith; nocase; http.host; content:"sharenpair.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973290/; classtype:trojan-activity;sid:81836390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c486y6r.zip"; depth:12; endswith; nocase; http.host; content:"www.whatsguydoing.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973288/; classtype:trojan-activity;sid:81836388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cmgj6xnc.zip"; depth:13; endswith; nocase; http.host; content:"redesignyou.net"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973287/; classtype:trojan-activity;sid:81836387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bsfqzlq.rar"; depth:12; endswith; nocase; http.host; content:"agtv.ge"; depth:7; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973286/; classtype:trojan-activity;sid:81836386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.87.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973285/; classtype:trojan-activity;sid:81836385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kx7zemj8.rar"; depth:13; endswith; nocase; http.host; content:"kreatif-fotos.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973284/; classtype:trojan-activity;sid:81836384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qa8a2gl.rar"; depth:12; endswith; nocase; http.host; content:"roltek.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973283/; classtype:trojan-activity;sid:81836383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah8ka37.zip"; depth:12; endswith; nocase; http.host; content:"ingenieriaygestion.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973280/; classtype:trojan-activity;sid:81836380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xhqj3qvt.rar"; depth:13; endswith; nocase; http.host; content:"carlzed.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973279/; classtype:trojan-activity;sid:81836379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edtaohoa.rar"; depth:13; endswith; nocase; http.host; content:"minasidhom.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973281/; classtype:trojan-activity;sid:81836381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntoiht.rar"; depth:11; endswith; nocase; http.host; content:"xn--polimerbizmimarlk-rvc.com"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973282/; classtype:trojan-activity;sid:81836382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ot6fgt.rar"; depth:13; endswith; nocase; http.host; content:"nochebuena.online"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973277/; classtype:trojan-activity;sid:81836377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utkvjyvjc.zip"; depth:14; endswith; nocase; http.host; content:"santosh.ravan606.ifunnelspro.com"; depth:32; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973278/; classtype:trojan-activity;sid:81836378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0g6rjq.zip"; depth:12; endswith; nocase; http.host; content:"alborada.com.py"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973276/; classtype:trojan-activity;sid:81836376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zknd45a.zip"; depth:12; endswith; nocase; http.host; content:"vinaygawde.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973275/; classtype:trojan-activity;sid:81836375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e8nhodft.zip"; depth:13; endswith; nocase; http.host; content:"stephanetouboul.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973274/; classtype:trojan-activity;sid:81836374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kqa0zh7o.rar"; depth:13; endswith; nocase; http.host; content:"2n35.com"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973270/; classtype:trojan-activity;sid:81836370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n1q4lmdv.rar"; depth:13; endswith; nocase; http.host; content:"bestcarenepal.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973272/; classtype:trojan-activity;sid:81836372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvpr0aepa.zip"; depth:14; endswith; nocase; http.host; content:"t-gfa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973267/; classtype:trojan-activity;sid:81836367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf1lpzba4.rar"; depth:14; endswith; nocase; http.host; content:"marblearchschool.in"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973268/; classtype:trojan-activity;sid:81836368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zqtjhf.rar"; depth:11; endswith; nocase; http.host; content:"milkwoodonlovemore.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973273/; classtype:trojan-activity;sid:81836373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms821x.zip"; depth:12; endswith; nocase; http.host; content:"tracytegeler.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973269/; classtype:trojan-activity;sid:81836369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uelxwr5.zip"; depth:12; endswith; nocase; http.host; content:"wintatalodge.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973271/; classtype:trojan-activity;sid:81836371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xr9tj84cu.zip"; depth:14; endswith; nocase; http.host; content:"btcghanaltd.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973266/; classtype:trojan-activity;sid:81836366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tytyzwdg3.rar"; depth:14; endswith; nocase; http.host; content:"reginaclubs.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973265/; classtype:trojan-activity;sid:81836365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r3kqicd2s.zip"; depth:14; endswith; nocase; http.host; content:"clinicaspiedraazul.techsavvyway.com"; depth:35; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973264/; classtype:trojan-activity;sid:81836364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vpts.co.za//fpkq9d.zip"; depth:23; endswith; nocase; http.host; content:"vpts.co.za"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973263/; classtype:trojan-activity;sid:81836363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wf96ritsj.zip"; depth:14; endswith; nocase; http.host; content:"amozesh.esampad.ir"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973261/; classtype:trojan-activity;sid:81836361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zh4siqs.rar"; depth:12; endswith; nocase; http.host; content:"evershineenterprises.co.in"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973262/; classtype:trojan-activity;sid:81836362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq76v84.rar"; depth:12; endswith; nocase; http.host; content:"cavalcantiparticipacoes.com.br"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973258/; classtype:trojan-activity;sid:81836358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovga4w7t4.zip"; depth:14; endswith; nocase; http.host; content:"news.ehaat.net"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973260/; classtype:trojan-activity;sid:81836360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5m5vrsle.zip"; depth:14; endswith; nocase; http.host; content:"parkhussion.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973257/; classtype:trojan-activity;sid:81836357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l3v7tq4.rar"; depth:12; endswith; nocase; http.host; content:"qsf.surfescape.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973259/; classtype:trojan-activity;sid:81836359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z8lkolzvb.rar"; depth:14; endswith; nocase; http.host; content:"trabzonprefabrik.net"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973256/; classtype:trojan-activity;sid:81836356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x205ymb2n.rar"; depth:14; endswith; nocase; http.host; content:"mikronett.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973255/; classtype:trojan-activity;sid:81836355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.43.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973254/; classtype:trojan-activity;sid:81836354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.100.221.197"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973253/; classtype:trojan-activity;sid:81836353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.81.178"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973252/; classtype:trojan-activity;sid:81836352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.5.254.222"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973251/; classtype:trojan-activity;sid:81836351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.180.227"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973250/; classtype:trojan-activity;sid:81836350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.36.217"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973249/; classtype:trojan-activity;sid:81836349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973248/; classtype:trojan-activity;sid:81836348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.43"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973247/; classtype:trojan-activity;sid:81836347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.11.186"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973245/; classtype:trojan-activity;sid:81836345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.219"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973244/; classtype:trojan-activity;sid:81836344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.139.217"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973246/; classtype:trojan-activity;sid:81836346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.171.39"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973243/; classtype:trojan-activity;sid:81836343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.75.56.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973242/; classtype:trojan-activity;sid:81836342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.23.90.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973239/; classtype:trojan-activity;sid:81836339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.163.250"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973238/; classtype:trojan-activity;sid:81836338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.25.87"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973241/; classtype:trojan-activity;sid:81836341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.39.53"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973240/; classtype:trojan-activity;sid:81836340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.97.123"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973237/; classtype:trojan-activity;sid:81836337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.82.145.131"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973236/; classtype:trojan-activity;sid:81836336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alc3/inst.exe"; depth:14; endswith; nocase; http.host; content:"192.145.37.92"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973235/; classtype:trojan-activity;sid:81836335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.43.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973234/; classtype:trojan-activity;sid:81836334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.51.107.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973233/; classtype:trojan-activity;sid:81836333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.23.24.187"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973232/; classtype:trojan-activity;sid:81836332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.21.6.162"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973231/; classtype:trojan-activity;sid:81836331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoqvn/5555555555.jpg"; depth:22; endswith; nocase; http.host; content:"www.webdevelopmentinlahore.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973230/; classtype:trojan-activity;sid:81836330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbpxyo/5555555555.jpg"; depth:22; endswith; nocase; http.host; content:"rishtee.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973229/; classtype:trojan-activity;sid:81836329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qextstpcuumf/5555555555.jpg"; depth:28; endswith; nocase; http.host; content:"bbpqtf.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973228/; classtype:trojan-activity;sid:81836328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjmrcv/5555555555.jpg"; depth:22; endswith; nocase; http.host; content:"digital-box.fr"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973227/; classtype:trojan-activity;sid:81836327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.204.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973226/; classtype:trojan-activity;sid:81836326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/norzygt/5555555555.jpg"; depth:23; endswith; nocase; http.host; content:"leafybuy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973225/; classtype:trojan-activity;sid:81836325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/arm"; depth:14; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973216/; classtype:trojan-activity;sid:81836316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/arm6"; depth:15; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973218/; classtype:trojan-activity;sid:81836318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/arm7"; depth:15; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973224/; classtype:trojan-activity;sid:81836324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/m68k"; depth:15; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973220/; classtype:trojan-activity;sid:81836320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/mips"; depth:15; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973217/; classtype:trojan-activity;sid:81836317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/mpsl"; depth:15; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973221/; classtype:trojan-activity;sid:81836321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/ppc"; depth:14; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973219/; classtype:trojan-activity;sid:81836319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/sh4"; depth:14; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973223/; classtype:trojan-activity;sid:81836323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinataiot/x86"; depth:14; endswith; nocase; http.host; content:"13.233.144.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973222/; classtype:trojan-activity;sid:81836322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.91.178.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973215/; classtype:trojan-activity;sid:81836315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.142.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973214/; classtype:trojan-activity;sid:81836314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qzkiodlofm/5555555555.jpg"; depth:26; endswith; nocase; http.host; content:"www.toteteca.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973213/; classtype:trojan-activity;sid:81836313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.222.199.141"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973212/; classtype:trojan-activity;sid:81836312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.39.17"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973211/; classtype:trojan-activity;sid:81836311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.40.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973210/; classtype:trojan-activity;sid:81836310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.30.4.105"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973209/; classtype:trojan-activity;sid:81836309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.160.63"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973208/; classtype:trojan-activity;sid:81836308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/kdotx.scr"; depth:22; endswith; nocase; http.host; content:"tunedinblog.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973207/; classtype:trojan-activity;sid:81836307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.60.106.109"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973206/; classtype:trojan-activity;sid:81836306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.165.24"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973205/; classtype:trojan-activity;sid:81836305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973204/; classtype:trojan-activity;sid:81836304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.4.157.34"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973203/; classtype:trojan-activity;sid:81836303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.111.42.241"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973202/; classtype:trojan-activity;sid:81836302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.164.155"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973201/; classtype:trojan-activity;sid:81836301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.103.82.126"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973200/; classtype:trojan-activity;sid:81836300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.60.106.109"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973199/; classtype:trojan-activity;sid:81836299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973198/; classtype:trojan-activity;sid:81836298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.204.21.157"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973197/; classtype:trojan-activity;sid:81836297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.4.157.34"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973196/; classtype:trojan-activity;sid:81836296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.202.37"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973195/; classtype:trojan-activity;sid:81836295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.181.102"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973194/; classtype:trojan-activity;sid:81836294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.214.101"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973193/; classtype:trojan-activity;sid:81836293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.202.37"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973192/; classtype:trojan-activity;sid:81836292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.118.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973191/; classtype:trojan-activity;sid:81836291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.214.101"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973190/; classtype:trojan-activity;sid:81836290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.35.225.36"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973189/; classtype:trojan-activity;sid:81836289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.54.161"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973188/; classtype:trojan-activity;sid:81836288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.82.49.120"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973187/; classtype:trojan-activity;sid:81836287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.222.195.73"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973186/; classtype:trojan-activity;sid:81836286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.61.38.251"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973185/; classtype:trojan-activity;sid:81836285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.252.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973182/; classtype:trojan-activity;sid:81836282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.94.183.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973183/; classtype:trojan-activity;sid:81836283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.105.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973184/; classtype:trojan-activity;sid:81836284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.203.183"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973181/; classtype:trojan-activity;sid:81836281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.211"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973180/; classtype:trojan-activity;sid:81836280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.108.182"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973175/; classtype:trojan-activity;sid:81836275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.175.165"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973178/; classtype:trojan-activity;sid:81836278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.52.175"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973179/; classtype:trojan-activity;sid:81836279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.147.37"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973177/; classtype:trojan-activity;sid:81836277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.175.221"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973176/; classtype:trojan-activity;sid:81836276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.255.20.156"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973174/; classtype:trojan-activity;sid:81836274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.184"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973173/; classtype:trojan-activity;sid:81836273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.180.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973172/; classtype:trojan-activity;sid:81836272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.80.86"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973171/; classtype:trojan-activity;sid:81836271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byd2p9.zip"; depth:11; endswith; nocase; http.host; content:"urbantrapfest.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973170/; classtype:trojan-activity;sid:81836270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yqqu2ex.zip"; depth:12; endswith; nocase; http.host; content:"web.guatemayavirtual.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973169/; classtype:trojan-activity;sid:81836269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdwzkmx.rar"; depth:12; endswith; nocase; http.host; content:"vienen.gblix.srv.br"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973168/; classtype:trojan-activity;sid:81836268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hasb2l.zip"; depth:11; endswith; nocase; http.host; content:"str.shoppclick.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973166/; classtype:trojan-activity;sid:81836266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbmbyhh.rar"; depth:12; endswith; nocase; http.host; content:"thnconsult.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973167/; classtype:trojan-activity;sid:81836267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k5fhmlr.zip"; depth:12; endswith; nocase; http.host; content:"mail.qcvmail.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973165/; classtype:trojan-activity;sid:81836265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcp05s.zip"; depth:11; endswith; nocase; http.host; content:"marlenesbrothel.com.au"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973164/; classtype:trojan-activity;sid:81836264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mq722o00t.rar"; depth:14; endswith; nocase; http.host; content:"4evakleen.com.au"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973162/; classtype:trojan-activity;sid:81836262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wiwl81d.zip"; depth:12; endswith; nocase; http.host; content:"junzhang.webme.us"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973163/; classtype:trojan-activity;sid:81836263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbwqh6n0.zip"; depth:13; endswith; nocase; http.host; content:"picinfor.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973161/; classtype:trojan-activity;sid:81836261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ya75s29h.zip"; depth:13; endswith; nocase; http.host; content:"franchising.phone-recovery.it"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973159/; classtype:trojan-activity;sid:81836259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gsb509kb.rar"; depth:13; endswith; nocase; http.host; content:"valeriaromero.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973160/; classtype:trojan-activity;sid:81836260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er7itgi.rar"; depth:12; endswith; nocase; http.host; content:"agritork.com.tr"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973158/; classtype:trojan-activity;sid:81836258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/szuadd.rar"; depth:11; endswith; nocase; http.host; content:"taoyonghao.webme.us"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973157/; classtype:trojan-activity;sid:81836257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jf8s8z.rar"; depth:11; endswith; nocase; http.host; content:"messagesecurepaypal.duckdns.org"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973156/; classtype:trojan-activity;sid:81836256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwujyxoyd.rar"; depth:14; endswith; nocase; http.host; content:"40fortyfoods.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973154/; classtype:trojan-activity;sid:81836254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gj1qlwo.rar"; depth:12; endswith; nocase; http.host; content:"plajart.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973152/; classtype:trojan-activity;sid:81836252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cm96j9axl.zip"; depth:14; endswith; nocase; http.host; content:"qdtoolkit.thelaeffect.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973155/; classtype:trojan-activity;sid:81836255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od14p7v.rar"; depth:12; endswith; nocase; http.host; content:"vanzare.cabanabrazi2.ro"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973153/; classtype:trojan-activity;sid:81836253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qh528ype.zip"; depth:13; endswith; nocase; http.host; content:"messagesecureapp.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973151/; classtype:trojan-activity;sid:81836251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lzvngo469.rar"; depth:14; endswith; nocase; http.host; content:"controlcenter.mystand.pt"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973150/; classtype:trojan-activity;sid:81836250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eev8fmc.rar"; depth:12; endswith; nocase; http.host; content:"noblesteel.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973149/; classtype:trojan-activity;sid:81836249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x16t6gr7.zip"; depth:13; endswith; nocase; http.host; content:"lanjar.seriesnow.website"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973147/; classtype:trojan-activity;sid:81836247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qbeda328.rar"; depth:13; endswith; nocase; http.host; content:"ofice.seriesnow.website"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973148/; classtype:trojan-activity;sid:81836248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t7kw7bb.zip"; depth:12; endswith; nocase; http.host; content:"0007.name"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973144/; classtype:trojan-activity;sid:81836244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dq9b7u.zip"; depth:11; endswith; nocase; http.host; content:"demo.opacokitchens.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973145/; classtype:trojan-activity;sid:81836245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spqo38ic.zip"; depth:13; endswith; nocase; http.host; content:"sellitzer.perkss.co.uk"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973146/; classtype:trojan-activity;sid:81836246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zklovc4vb.rar"; depth:14; endswith; nocase; http.host; content:"bigcomics.cf"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973143/; classtype:trojan-activity;sid:81836243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kek4cz.zip"; depth:11; endswith; nocase; http.host; content:"oasis.ivpr.org"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973141/; classtype:trojan-activity;sid:81836241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zo8me9g.rar"; depth:12; endswith; nocase; http.host; content:"sanelcorp.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973142/; classtype:trojan-activity;sid:81836242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwtwv3x.zip"; depth:13; endswith; nocase; http.host; content:"app-halifax-mobileverification-mobileappupdate-system-update.cgsconstructores.com"; depth:81; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973140/; classtype:trojan-activity;sid:81836240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vy6evt.zip"; depth:11; endswith; nocase; http.host; content:"challengebarbell.co.in"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973139/; classtype:trojan-activity;sid:81836239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex4k9x.zip"; depth:11; endswith; nocase; http.host; content:"misturafinapizzaria.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973138/; classtype:trojan-activity;sid:81836238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grh5fw.rar"; depth:11; endswith; nocase; http.host; content:"nlmcvt.blissgene.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973136/; classtype:trojan-activity;sid:81836236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbaobi.zip"; depth:11; endswith; nocase; http.host; content:"queensradiationtherapy.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973137/; classtype:trojan-activity;sid:81836237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upeb9y2m.rar"; depth:13; endswith; nocase; http.host; content:"dentart.elitemarketing.hu"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973135/; classtype:trojan-activity;sid:81836235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgo2vq0.zip"; depth:12; endswith; nocase; http.host; content:"peau2.ivpr.org"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973134/; classtype:trojan-activity;sid:81836234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rexj53wq.zip"; depth:13; endswith; nocase; http.host; content:"trezors.io.mahlongwa.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973133/; classtype:trojan-activity;sid:81836233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyvnrv0z.rar"; depth:13; endswith; nocase; http.host; content:"download.nepalesehost.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973132/; classtype:trojan-activity;sid:81836232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pymp0wkh.zip"; depth:13; endswith; nocase; http.host; content:"shadowsecinjector.cf"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973131/; classtype:trojan-activity;sid:81836231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzwc4s.zip"; depth:11; endswith; nocase; http.host; content:"cpanel.takeorders.co.uk"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973130/; classtype:trojan-activity;sid:81836230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssvklay.rar"; depth:12; endswith; nocase; http.host; content:"ebay.vehicle.sales.aketbd.com"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973129/; classtype:trojan-activity;sid:81836229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z90r05.rar"; depth:11; endswith; nocase; http.host; content:"jaalifestyle.my.id"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973128/; classtype:trojan-activity;sid:81836228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bsanc5ak.zip"; depth:13; endswith; nocase; http.host; content:"miloscolic.bplaced.net"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973126/; classtype:trojan-activity;sid:81836226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hk1sqc.rar"; depth:11; endswith; nocase; http.host; content:"t4p.autors.pt"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973127/; classtype:trojan-activity;sid:81836227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k92u9vb.rar"; depth:12; endswith; nocase; http.host; content:"down.seriesnow.website"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973125/; classtype:trojan-activity;sid:81836225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xax7k4mlp.zip"; depth:14; endswith; nocase; http.host; content:"ozdomb.elitemarketing.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973124/; classtype:trojan-activity;sid:81836224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bde07cx.zip"; depth:12; endswith; nocase; http.host; content:"scrap.nepalesehost.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973121/; classtype:trojan-activity;sid:81836221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duruhbp6.zip"; depth:13; endswith; nocase; http.host; content:"staging.lincmagazine.deveyesgroup.com"; depth:37; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973123/; classtype:trojan-activity;sid:81836223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbd2ng4j.zip"; depth:13; endswith; nocase; http.host; content:"wiki.deveyesgroup.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973122/; classtype:trojan-activity;sid:81836222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.63.120"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973120/; classtype:trojan-activity;sid:81836220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lin58hwsh.zip"; depth:14; endswith; nocase; http.host; content:"immigration.omsms.in"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973119/; classtype:trojan-activity;sid:81836219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dkwjfvif.zip"; depth:13; endswith; nocase; http.host; content:"areins.org"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973118/; classtype:trojan-activity;sid:81836218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivt9yh12.rar"; depth:13; endswith; nocase; http.host; content:"funamituristico.org"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973114/; classtype:trojan-activity;sid:81836214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpfnnl2g.zip"; depth:13; endswith; nocase; http.host; content:"imbueautoworx.co.za"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973115/; classtype:trojan-activity;sid:81836215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nzr55o.zip"; depth:11; endswith; nocase; http.host; content:"afautomotores.com.py"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973116/; classtype:trojan-activity;sid:81836216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iri3np7.rar"; depth:12; endswith; nocase; http.host; content:"demo.omsms.in"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973112/; classtype:trojan-activity;sid:81836212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sj5a1ajw.rar"; depth:13; endswith; nocase; http.host; content:"royallogistic.info"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973113/; classtype:trojan-activity;sid:81836213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w50lew.zip"; depth:11; endswith; nocase; http.host; content:"torresquinterocorp.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973117/; classtype:trojan-activity;sid:81836217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h33pky.rar"; depth:11; endswith; nocase; http.host; content:"isiphephelocon.co.za"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973111/; classtype:trojan-activity;sid:81836211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fjkfv3s.zip"; depth:12; endswith; nocase; http.host; content:"liquidglovehandsanitizer.com"; depth:28; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973110/; classtype:trojan-activity;sid:81836210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oc87ak5.rar"; depth:12; endswith; nocase; http.host; content:"amirartstudio.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973109/; classtype:trojan-activity;sid:81836209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihrlkispj.zip"; depth:14; endswith; nocase; http.host; content:"itake1.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973108/; classtype:trojan-activity;sid:81836208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdu3uazp.zip"; depth:13; endswith; nocase; http.host; content:"arm.backyardproject.net"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973105/; classtype:trojan-activity;sid:81836205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ot0g7ot.zip"; depth:12; endswith; nocase; http.host; content:"huevacations.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973107/; classtype:trojan-activity;sid:81836207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fmqmmw.zip"; depth:11; endswith; nocase; http.host; content:"uisusa.uisusa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973106/; classtype:trojan-activity;sid:81836206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibnt6ia.rar"; depth:12; endswith; nocase; http.host; content:"f1sol.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973103/; classtype:trojan-activity;sid:81836203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j0wq82a.zip"; depth:12; endswith; nocase; http.host; content:"tit.elitemarketing.hu"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973101/; classtype:trojan-activity;sid:81836201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdq3lsdzp.zip"; depth:14; endswith; nocase; http.host; content:"atamakultura.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973102/; classtype:trojan-activity;sid:81836202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/megv9bls6.zip"; depth:14; endswith; nocase; http.host; content:"rajibpalit.ifunnelspro.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973104/; classtype:trojan-activity;sid:81836204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmaxb7d.zip"; depth:12; endswith; nocase; http.host; content:"tokajkonferencia.elitemarketing.hu"; depth:34; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973100/; classtype:trojan-activity;sid:81836200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k9kl6e.rar"; depth:11; endswith; nocase; http.host; content:"www.networkaruba.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973099/; classtype:trojan-activity;sid:81836199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhn10bigh.rar"; depth:14; endswith; nocase; http.host; content:"2015.grupokeithmar.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973097/; classtype:trojan-activity;sid:81836197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lev5e9.rar"; depth:11; endswith; nocase; http.host; content:"teneth.co.za"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973098/; classtype:trojan-activity;sid:81836198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeknas.rar"; depth:11; endswith; nocase; http.host; content:"supergrafperu.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973096/; classtype:trojan-activity;sid:81836196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lss2lh.zip"; depth:11; endswith; nocase; http.host; content:"freightnet.drapac.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973095/; classtype:trojan-activity;sid:81836195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zlmfkl.rar"; depth:11; endswith; nocase; http.host; content:"app.mirrorlabelsindia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973094/; classtype:trojan-activity;sid:81836194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o3ef15.rar"; depth:11; endswith; nocase; http.host; content:"mertlog.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973092/; classtype:trojan-activity;sid:81836192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k1xjwsax.zip"; depth:13; endswith; nocase; http.host; content:"smsh.care"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973093/; classtype:trojan-activity;sid:81836193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rybt1i.rar"; depth:11; endswith; nocase; http.host; content:"fakihlaw.atwebpages.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973091/; classtype:trojan-activity;sid:81836191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t39cqvcu.rar"; depth:13; endswith; nocase; http.host; content:"gonzalezsirit.techsavvyway.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973090/; classtype:trojan-activity;sid:81836190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.88.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973089/; classtype:trojan-activity;sid:81836189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.45.196.2"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973088/; classtype:trojan-activity;sid:81836188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.0.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973087/; classtype:trojan-activity;sid:81836187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.63.120"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973086/; classtype:trojan-activity;sid:81836186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.117.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973085/; classtype:trojan-activity;sid:81836185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.0.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973084/; classtype:trojan-activity;sid:81836184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.88.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973083/; classtype:trojan-activity;sid:81836183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/few/10.jpg"; depth:11; endswith; nocase; http.host; content:"207.148.110.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973082/; classtype:trojan-activity;sid:81836182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.117.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973081/; classtype:trojan-activity;sid:81836181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.129.125"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973080/; classtype:trojan-activity;sid:81836180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.178.193.2"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973079/; classtype:trojan-activity;sid:81836179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.190.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973078/; classtype:trojan-activity;sid:81836178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.224.85"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973077/; classtype:trojan-activity;sid:81836177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.40.154"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973076/; classtype:trojan-activity;sid:81836176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m|7c|3b|7c|$"; depth:18; endswith; nocase; http.host; content:"182.117.128.232"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973075/; classtype:trojan-activity;sid:81836175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.129.125"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973074/; classtype:trojan-activity;sid:81836174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.190.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973073/; classtype:trojan-activity;sid:81836173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.47.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973072/; classtype:trojan-activity;sid:81836172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.224.85"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973071/; classtype:trojan-activity;sid:81836171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.97.147"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973070/; classtype:trojan-activity;sid:81836170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.40.154"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973069/; classtype:trojan-activity;sid:81836169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.47.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973068/; classtype:trojan-activity;sid:81836168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.188.194.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973067/; classtype:trojan-activity;sid:81836167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softdl.360tpcdn.com/moloengkids/moloengkids_1.5.0.0.exe"; depth:56; endswith; nocase; http.host; content:"124.165.123.7"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973066/; classtype:trojan-activity;sid:81836166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.206.142"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973065/; classtype:trojan-activity;sid:81836165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.123.134"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973064/; classtype:trojan-activity;sid:81836164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.80"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973063/; classtype:trojan-activity;sid:81836163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.216.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973062/; classtype:trojan-activity;sid:81836162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.123.134"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973061/; classtype:trojan-activity;sid:81836161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.42.34"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973060/; classtype:trojan-activity;sid:81836160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.15.9"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973059/; classtype:trojan-activity;sid:81836159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.121.255"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973057/; classtype:trojan-activity;sid:81836157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.16.37"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973058/; classtype:trojan-activity;sid:81836158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.41.25.93"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973056/; classtype:trojan-activity;sid:81836156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.135.19"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973053/; classtype:trojan-activity;sid:81836153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.24.69.84"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973055/; classtype:trojan-activity;sid:81836155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.109"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973052/; classtype:trojan-activity;sid:81836152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.162.237"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973054/; classtype:trojan-activity;sid:81836154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.43.57"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973051/; classtype:trojan-activity;sid:81836151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.206.188"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973050/; classtype:trojan-activity;sid:81836150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.123.49"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973049/; classtype:trojan-activity;sid:81836149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.157.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973047/; classtype:trojan-activity;sid:81836147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.238.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973048/; classtype:trojan-activity;sid:81836148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.131.173.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973046/; classtype:trojan-activity;sid:81836146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.193.99.58"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973045/; classtype:trojan-activity;sid:81836145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/vdii0eyzz/"; depth:30; endswith; nocase; http.host; content:"vallerconstrutora.com.br"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973044/; classtype:trojan-activity;sid:81836144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/1eu/"; depth:7; endswith; nocase; http.host; content:"bookkeepingdoctor.co.uk"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973043/; classtype:trojan-activity;sid:81836143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rocketlike/1iqosgdg/"; depth:21; endswith; nocase; http.host; content:"lubdeco.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973042/; classtype:trojan-activity;sid:81836142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/fdm/"; depth:17; endswith; nocase; http.host; content:"www.bikemyday.se"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973040/; classtype:trojan-activity;sid:81836140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/xsboad33/"; depth:24; endswith; nocase; http.host; content:"www.peritidiparte.org"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973041/; classtype:trojan-activity;sid:81836141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/pbd1/"; depth:8; endswith; nocase; http.host; content:"ook7.com"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973039/; classtype:trojan-activity;sid:81836139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.193.99.58"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973038/; classtype:trojan-activity;sid:81836138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.42.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973037/; classtype:trojan-activity;sid:81836137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.6.192"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973036/; classtype:trojan-activity;sid:81836136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.123.25"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973035/; classtype:trojan-activity;sid:81836135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.15.9"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973034/; classtype:trojan-activity;sid:81836134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.118.237"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973033/; classtype:trojan-activity;sid:81836133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.6.192"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973032/; classtype:trojan-activity;sid:81836132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.118.237"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973031/; classtype:trojan-activity;sid:81836131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.101.126"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973030/; classtype:trojan-activity;sid:81836130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/5m/"; depth:15; endswith; nocase; http.host; content:"deshbangla71news.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973029/; classtype:trojan-activity;sid:81836129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.21.11.178"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973028/; classtype:trojan-activity;sid:81836128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.180.195"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973027/; classtype:trojan-activity;sid:81836127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efficiency-all-iuehb/bjug3jyhuyilwhcqs3ykssaqqw7tpyvmypb91wtzdbluio1ekope5vrbbcx8zhdar9yt/"; depth:91; endswith; nocase; http.host; content:"nhipcauytevietnhat.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973026/; classtype:trojan-activity;sid:81836126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.53.89.239"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973025/; classtype:trojan-activity;sid:81836125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/ngtj/"; depth:18; endswith; nocase; http.host; content:"weinsteincounseling.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973024/; classtype:trojan-activity;sid:81836124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/hy1hdtbdphryygchx8rxfuyd1u03h9gqdgakn4ehikaozqe/"; depth:58; endswith; nocase; http.host; content:"photolinguist.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973023/; classtype:trojan-activity;sid:81836123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4.jpg"; depth:7; endswith; nocase; http.host; content:"radio-hit.ro"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973022/; classtype:trojan-activity;sid:81836122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbf8jix.exe"; depth:12; endswith; nocase; http.host; content:"balanceathlete.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973021/; classtype:trojan-activity;sid:81836121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/my/fame.jpg"; depth:12; endswith; nocase; http.host; content:"91.219.61.224"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973020/; classtype:trojan-activity;sid:81836120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/my/pab.jpg"; depth:11; endswith; nocase; http.host; content:"91.219.61.224"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973019/; classtype:trojan-activity;sid:81836119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/my/sell.jpg"; depth:12; endswith; nocase; http.host; content:"91.219.61.224"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973018/; classtype:trojan-activity;sid:81836118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/pbd1/"; depth:8; endswith; nocase; http.host; content:"ook7.com"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973016/; classtype:trojan-activity;sid:81836116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.189.220"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973010/; classtype:trojan-activity;sid:81836110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v/vsfjccg9ov/"; depth:14; endswith; nocase; http.host; content:"www.yugan.cool"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973009/; classtype:trojan-activity;sid:81836109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/tpghhntha/"; depth:19; endswith; nocase; http.host; content:"www.caglayansrc.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973007/; classtype:trojan-activity;sid:81836107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/wbdnukw/"; depth:21; endswith; nocase; http.host; content:"topflighttrading.org"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973008/; classtype:trojan-activity;sid:81836108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/mx/"; depth:6; endswith; nocase; http.host; content:"amojo.org"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973006/; classtype:trojan-activity;sid:81836106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nfs-heat-n0ght/msqfotakfq/"; depth:27; endswith; nocase; http.host; content:"www.exerzitien.jetzt"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973002/; classtype:trojan-activity;sid:81836102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (973000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kafishfsh/"; depth:20; endswith; nocase; http.host; content:"senturketicaret.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/973000/; classtype:trojan-activity;sid:81836100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"173.29.210.241"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972997/; classtype:trojan-activity;sid:81836097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.180.195"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972996/; classtype:trojan-activity;sid:81836096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.106.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972995/; classtype:trojan-activity;sid:81836095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.101.126"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972994/; classtype:trojan-activity;sid:81836094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.124.118"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972993/; classtype:trojan-activity;sid:81836093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0t0s.jpg"; depth:10; endswith; nocase; http.host; content:"statsline.bar"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972992/; classtype:trojan-activity;sid:81836092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0t0s.jpg"; depth:10; endswith; nocase; http.host; content:"statsline.cyou"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972991/; classtype:trojan-activity;sid:81836091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0t0s.jpg"; depth:10; endswith; nocase; http.host; content:"linestats.bar"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972990/; classtype:trojan-activity;sid:81836090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.53.89.239"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972989/; classtype:trojan-activity;sid:81836089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0t0s.jpg"; depth:10; endswith; nocase; http.host; content:"linestats.cyou"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972988/; classtype:trojan-activity;sid:81836088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0t0s.jpg"; depth:10; endswith; nocase; http.host; content:"linestats.casa"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972987/; classtype:trojan-activity;sid:81836087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.124.118"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972986/; classtype:trojan-activity;sid:81836086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.185.203.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972985/; classtype:trojan-activity;sid:81836085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmdch/obo.exe"; depth:14; endswith; nocase; http.host; content:"107.172.130.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972984/; classtype:trojan-activity;sid:81836084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/receismt/regasm.exe"; depth:20; endswith; nocase; http.host; content:"sara2wsdyentertainws.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972983/; classtype:trojan-activity;sid:81836083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.86.99.5"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972982/; classtype:trojan-activity;sid:81836082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/joj.exe"; depth:12; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972980/; classtype:trojan-activity;sid:81836080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/ose.exe"; depth:12; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972981/; classtype:trojan-activity;sid:81836081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/aqw.exe"; depth:12; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972978/; classtype:trojan-activity;sid:81836078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/cic.exe"; depth:12; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972977/; classtype:trojan-activity;sid:81836077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/eic.exe"; depth:12; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972979/; classtype:trojan-activity;sid:81836079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/kino.exe"; depth:13; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972976/; classtype:trojan-activity;sid:81836076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/wah.exe"; depth:12; endswith; nocase; http.host; content:"bornwildadventures.co.ke"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972975/; classtype:trojan-activity;sid:81836075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shengdoc/vbc.exe"; depth:17; endswith; nocase; http.host; content:"shgshgwsdynationwsmh.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972972/; classtype:trojan-activity;sid:81836072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahjdoc/vbc.exe"; depth:15; endswith; nocase; http.host; content:"wsdyalhjchfonlinwsed.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972973/; classtype:trojan-activity;sid:81836073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kung2doc/winlog.exe"; depth:20; endswith; nocase; http.host; content:"wsdykungsb2gotchtsub.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972974/; classtype:trojan-activity;sid:81836074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thevdoc/winlog.exe"; depth:19; endswith; nocase; http.host; content:"wsdytheviejupcazwspl.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972971/; classtype:trojan-activity;sid:81836071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documepnt/winlog.exe"; depth:21; endswith; nocase; http.host; content:"wsdypmrimelimtdvenws.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972970/; classtype:trojan-activity;sid:81836070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secure/svchost.exe"; depth:19; endswith; nocase; http.host; content:"chneswsdyqudusiswsha.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972965/; classtype:trojan-activity;sid:81836065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kungdoc/winlog.exe"; depth:19; endswith; nocase; http.host; content:"kungwsdycommunicwsvc.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972969/; classtype:trojan-activity;sid:81836069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chnsfrnd1/vbc.exe"; depth:18; endswith; nocase; http.host; content:"unitedwsdykesokowsbv.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972966/; classtype:trojan-activity;sid:81836066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yanoffice/win32.exe"; depth:20; endswith; nocase; http.host; content:"wsdyantipiracydewsqw.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972967/; classtype:trojan-activity;sid:81836067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chnsfrnd2/winlog.exe"; depth:21; endswith; nocase; http.host; content:"wsdychfouranotherwop.dns.army"; depth:29; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972968/; classtype:trojan-activity;sid:81836068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.24.70"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972963/; classtype:trojan-activity;sid:81836063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/801449801975726095/801450821929009152/purchase_order.exe"; depth:69; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972964/; classtype:trojan-activity;sid:81836064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.124.114.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972962/; classtype:trojan-activity;sid:81836062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.128.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972961/; classtype:trojan-activity;sid:81836061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.86.99.5"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972959/; classtype:trojan-activity;sid:81836059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.51.102.79"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972960/; classtype:trojan-activity;sid:81836060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taagente.exe"; depth:13; endswith; nocase; http.host; content:"apps.saintsoporte.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972958/; classtype:trojan-activity;sid:81836058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/red.exe"; depth:8; endswith; nocase; http.host; content:"surfe.xyz"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972957/; classtype:trojan-activity;sid:81836057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.186.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972956/; classtype:trojan-activity;sid:81836056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monthlypayroll/january.jpg"; depth:27; endswith; nocase; http.host; content:"ach-edi.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972955/; classtype:trojan-activity;sid:81836055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.24.70"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972954/; classtype:trojan-activity;sid:81836054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.87.55"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972953/; classtype:trojan-activity;sid:81836053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.126.247.95"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972952/; classtype:trojan-activity;sid:81836052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.186.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972951/; classtype:trojan-activity;sid:81836051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.87.55"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972950/; classtype:trojan-activity;sid:81836050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/xxpupx_yqxkvz10.bin"; depth:23; endswith; nocase; http.host; content:"multiwaretecnologia.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972949/; classtype:trojan-activity;sid:81836049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=a32aea2b4355716b|7c|26|7c|resid=a32aea2b4355716b%215171|7c|26|7c|authkey=apwe6-grmplxb6m"; depth:105; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972948/; classtype:trojan-activity;sid:81836048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ayh8gpvqgbv7eehmvuijhjxwqbpncup3"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972946/; classtype:trojan-activity;sid:81836046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1bucqd-cgjen5dmo_bqzon4lx2tghtli7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972947/; classtype:trojan-activity;sid:81836047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1y6btkgizuizrv9ypl47svij5a47bjfpx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972945/; classtype:trojan-activity;sid:81836045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.196.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972944/; classtype:trojan-activity;sid:81836044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.224.150.100"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972943/; classtype:trojan-activity;sid:81836043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.80.221"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972942/; classtype:trojan-activity;sid:81836042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.7.84"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972941/; classtype:trojan-activity;sid:81836041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.246.131.239"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972940/; classtype:trojan-activity;sid:81836040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.156.39"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972939/; classtype:trojan-activity;sid:81836039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.172.156"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972937/; classtype:trojan-activity;sid:81836037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.86.234"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972938/; classtype:trojan-activity;sid:81836038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.106.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972936/; classtype:trojan-activity;sid:81836036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.17.198.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972934/; classtype:trojan-activity;sid:81836034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.72.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972935/; classtype:trojan-activity;sid:81836035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.119.165"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972932/; classtype:trojan-activity;sid:81836032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.11.126.42"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972933/; classtype:trojan-activity;sid:81836033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.26.71.19"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972928/; classtype:trojan-activity;sid:81836028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.147.122"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972930/; classtype:trojan-activity;sid:81836030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.27.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972929/; classtype:trojan-activity;sid:81836029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.168.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972931/; classtype:trojan-activity;sid:81836031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.124.114.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972927/; classtype:trojan-activity;sid:81836027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.120.127"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972926/; classtype:trojan-activity;sid:81836026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.126.247.95"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972925/; classtype:trojan-activity;sid:81836025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.204.77"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972924/; classtype:trojan-activity;sid:81836024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.120.127"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972923/; classtype:trojan-activity;sid:81836023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.74"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972922/; classtype:trojan-activity;sid:81836022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.84.121"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972921/; classtype:trojan-activity;sid:81836021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.147.248.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972920/; classtype:trojan-activity;sid:81836020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.84.121"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972919/; classtype:trojan-activity;sid:81836019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.164.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972918/; classtype:trojan-activity;sid:81836018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.165.75.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972917/; classtype:trojan-activity;sid:81836017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.123.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972916/; classtype:trojan-activity;sid:81836016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.92.174.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972915/; classtype:trojan-activity;sid:81836015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.251.221.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972914/; classtype:trojan-activity;sid:81836014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.164.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972913/; classtype:trojan-activity;sid:81836013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.123.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972912/; classtype:trojan-activity;sid:81836012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.207.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972911/; classtype:trojan-activity;sid:81836011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.147.248.121"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972910/; classtype:trojan-activity;sid:81836010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.251.221.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972909/; classtype:trojan-activity;sid:81836009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.207.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972908/; classtype:trojan-activity;sid:81836008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972907/; classtype:trojan-activity;sid:81836007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/typically/2ly44b5ijlk5q06xnnk8xyxmzpia2tjetu/"; depth:46; endswith; nocase; http.host; content:"vocalriyaz.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972906/; classtype:trojan-activity;sid:81836006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972905/; classtype:trojan-activity;sid:81836005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972904/; classtype:trojan-activity;sid:81836004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.25.120"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972903/; classtype:trojan-activity;sid:81836003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.244.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972902/; classtype:trojan-activity;sid:81836002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.arm"; depth:21; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972896/; classtype:trojan-activity;sid:81835996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.arm5"; depth:22; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972898/; classtype:trojan-activity;sid:81835998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.arm6"; depth:22; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972895/; classtype:trojan-activity;sid:81835995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.arm7"; depth:22; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972899/; classtype:trojan-activity;sid:81835999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.m68k"; depth:22; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972901/; classtype:trojan-activity;sid:81836001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.mips"; depth:22; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972892/; classtype:trojan-activity;sid:81835992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.mpsl"; depth:22; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972900/; classtype:trojan-activity;sid:81836000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.ppc"; depth:21; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972897/; classtype:trojan-activity;sid:81835997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.sh4"; depth:21; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972893/; classtype:trojan-activity;sid:81835993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/hinatasocute.x86"; depth:21; endswith; nocase; http.host; content:"13.127.97.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972894/; classtype:trojan-activity;sid:81835994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.29.28.174"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972891/; classtype:trojan-activity;sid:81835991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/obxyix0hvicq33gfvtbvqmqfij5qyzoiy6zvdnbfgwxuxbe610oyulxe1tolb6/"; depth:73; endswith; nocase; http.host; content:"autodaro.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972890/; classtype:trojan-activity;sid:81835990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.11.68.192"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972889/; classtype:trojan-activity;sid:81835989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.92.174.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972888/; classtype:trojan-activity;sid:81835988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.25.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972887/; classtype:trojan-activity;sid:81835987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.244.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972886/; classtype:trojan-activity;sid:81835986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972885/; classtype:trojan-activity;sid:81835985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.139.37"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972884/; classtype:trojan-activity;sid:81835984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.132.67"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972883/; classtype:trojan-activity;sid:81835983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.77.37.136"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972881/; classtype:trojan-activity;sid:81835981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.188.241.175"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972880/; classtype:trojan-activity;sid:81835980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.49.42"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972882/; classtype:trojan-activity;sid:81835982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.249.82.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972879/; classtype:trojan-activity;sid:81835979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.173.165"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972878/; classtype:trojan-activity;sid:81835978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.170.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972877/; classtype:trojan-activity;sid:81835977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.163.89"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972876/; classtype:trojan-activity;sid:81835976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.114.111.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972875/; classtype:trojan-activity;sid:81835975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.181.108"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972874/; classtype:trojan-activity;sid:81835974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.54.24.27"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972873/; classtype:trojan-activity;sid:81835973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.20.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972872/; classtype:trojan-activity;sid:81835972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.205.218.84"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972869/; classtype:trojan-activity;sid:81835969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.123.46"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972870/; classtype:trojan-activity;sid:81835970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.77.43"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972871/; classtype:trojan-activity;sid:81835971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.130.29.157"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972868/; classtype:trojan-activity;sid:81835968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/oy3o2ybytlpah8m/"; depth:31; endswith; nocase; http.host; content:"angelobruzzese.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972866/; classtype:trojan-activity;sid:81835966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error-404/cquynn86xzdlnbknaffaml04jzsgvzxp9jcwdzzias3y3kno6knlpes/"; depth:67; endswith; nocase; http.host; content:"salspmd.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972867/; classtype:trojan-activity;sid:81835967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.25.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972865/; classtype:trojan-activity;sid:81835965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.11.68.192"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972864/; classtype:trojan-activity;sid:81835964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.29.28.174"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972863/; classtype:trojan-activity;sid:81835963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.114.111.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972862/; classtype:trojan-activity;sid:81835962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.178.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972861/; classtype:trojan-activity;sid:81835961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972860/; classtype:trojan-activity;sid:81835960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.134.67.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972859/; classtype:trojan-activity;sid:81835959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.178.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972858/; classtype:trojan-activity;sid:81835958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.214.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972857/; classtype:trojan-activity;sid:81835957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.219.102"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972856/; classtype:trojan-activity;sid:81835956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.144.62.85"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972855/; classtype:trojan-activity;sid:81835955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.154.106"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972854/; classtype:trojan-activity;sid:81835954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.196.205"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972853/; classtype:trojan-activity;sid:81835953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.15.0"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972852/; classtype:trojan-activity;sid:81835952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.214.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972851/; classtype:trojan-activity;sid:81835951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.144.62.85"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972850/; classtype:trojan-activity;sid:81835950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.242.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972849/; classtype:trojan-activity;sid:81835949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.154.106"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972848/; classtype:trojan-activity;sid:81835948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.118.13.66"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972847/; classtype:trojan-activity;sid:81835947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.13.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972846/; classtype:trojan-activity;sid:81835946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/i3d6jrysbyfbmt5t0vgp9dk/"; depth:34; endswith; nocase; http.host; content:"indianaavepentchurch.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972845/; classtype:trojan-activity;sid:81835945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.242.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972844/; classtype:trojan-activity;sid:81835944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/small/nkokqrjj/"; depth:16; endswith; nocase; http.host; content:"photo360.kubooking.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972843/; classtype:trojan-activity;sid:81835943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.0.139"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972842/; classtype:trojan-activity;sid:81835942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.13.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972841/; classtype:trojan-activity;sid:81835941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.197.0.119"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972840/; classtype:trojan-activity;sid:81835940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unquality/kex5pzsmefr/"; depth:23; endswith; nocase; http.host; content:"comotocarviolaorapido.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972839/; classtype:trojan-activity;sid:81835939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shio-hk-gkr1f/j7y9xe4pkin0jordez0dcyy2q9bssr7pxo9ff1xnccbpl6pxms/"; depth:66; endswith; nocase; http.host; content:"flipamas.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972838/; classtype:trojan-activity;sid:81835938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.0.139"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972837/; classtype:trojan-activity;sid:81835937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.219.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972836/; classtype:trojan-activity;sid:81835936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.205"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972835/; classtype:trojan-activity;sid:81835935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.51.104.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972834/; classtype:trojan-activity;sid:81835934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.1.125"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972833/; classtype:trojan-activity;sid:81835933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.21.11.178"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972832/; classtype:trojan-activity;sid:81835932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.68.205"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972831/; classtype:trojan-activity;sid:81835931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.51.104.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972830/; classtype:trojan-activity;sid:81835930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.252.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972829/; classtype:trojan-activity;sid:81835929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.219.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972828/; classtype:trojan-activity;sid:81835928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responsives/z/"; depth:15; endswith; nocase; http.host; content:"newtop.one"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972827/; classtype:trojan-activity;sid:81835927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_old_may_2018/assets/wdl8x/"; depth:31; endswith; nocase; http.host; content:"www.ummahstars.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972826/; classtype:trojan-activity;sid:81835926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.1.125"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972825/; classtype:trojan-activity;sid:81835925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.12.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972824/; classtype:trojan-activity;sid:81835924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/8nkblvriceirdnnup0em/"; depth:41; endswith; nocase; http.host; content:"acc244.com.vn"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972823/; classtype:trojan-activity;sid:81835923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.252.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972822/; classtype:trojan-activity;sid:81835922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/htcogbwifqnxthaclbw76jf2/"; depth:35; endswith; nocase; http.host; content:"ketogenicsupplementreviews.net"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972821/; classtype:trojan-activity;sid:81835921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/w7f/"; depth:15; endswith; nocase; http.host; content:"arch.nqu.edu.tw"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972820/; classtype:trojan-activity;sid:81835920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4131325866/sg/"; depth:15; endswith; nocase; http.host; content:"bgmtechnologies.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972818/; classtype:trojan-activity;sid:81835918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sales/tzv/"; depth:11; endswith; nocase; http.host; content:"pageshare.net"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972819/; classtype:trojan-activity;sid:81835919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsporous/p7m/"; depth:18; endswith; nocase; http.host; content:"hindumedia.in"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972817/; classtype:trojan-activity;sid:81835917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/improvisate/hvttdmsz/"; depth:22; endswith; nocase; http.host; content:"gethumvee.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972815/; classtype:trojan-activity;sid:81835915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/248152296/ccxqkypqq/"; depth:21; endswith; nocase; http.host; content:"popperandshow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972816/; classtype:trojan-activity;sid:81835916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.219.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972814/; classtype:trojan-activity;sid:81835914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.127.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972813/; classtype:trojan-activity;sid:81835913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.73.254"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972812/; classtype:trojan-activity;sid:81835912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.43.233"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972809/; classtype:trojan-activity;sid:81835909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.7.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972810/; classtype:trojan-activity;sid:81835910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.193.91.194"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972806/; classtype:trojan-activity;sid:81835906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.220"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972811/; classtype:trojan-activity;sid:81835911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.73.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972807/; classtype:trojan-activity;sid:81835907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.73.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972808/; classtype:trojan-activity;sid:81835908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.104.165"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972805/; classtype:trojan-activity;sid:81835905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.51.161"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972804/; classtype:trojan-activity;sid:81835904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.181.34.26"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972803/; classtype:trojan-activity;sid:81835903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.205.222"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972802/; classtype:trojan-activity;sid:81835902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.255.20.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972801/; classtype:trojan-activity;sid:81835901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.184.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972799/; classtype:trojan-activity;sid:81835899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.160.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972798/; classtype:trojan-activity;sid:81835898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.20.41"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972800/; classtype:trojan-activity;sid:81835900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.162.70"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_21; reference:url, urlhaus.abuse.ch/url/972797/; classtype:trojan-activity;sid:81835897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lzeqlfbac1ux5g7vweqqyasfm9c9jmv7vu6xgmseralyzr/"; depth:48; endswith; nocase; http.host; content:"kmqm.com.vn"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972796/; classtype:trojan-activity;sid:81835896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/a1283/!/"; depth:18; endswith; nocase; http.host; content:"bardiastore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972795/; classtype:trojan-activity;sid:81835895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djibagqk|3f|id=9783=j0tvcqcabq0gtacfvviiulftbk4=xw5zwfsmqfhbfv5uavkrs1zvvfpaxlnueqtxde8awv9iuw4ecfylbgrqbqfwb1wiagboxuferw9ktrgeabngaxofvfpba19ewgpbqepuclqyfxh8d3fwzc5duqydfqq=|7c|26|7c|fl=demrsq0whvrfuundswndtqcmredzt1fusklsreceqkrlualwvvhegkvcqlimdetnawxzrlynqbpox1jduqbzqf0afapgd3zidkrvagcltjoadgrgycpif2wvbwfbc2jeif4kc1aw/"; depth:327; endswith; nocase; http.host; content:"fapp1.globelinkww.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972794/; classtype:trojan-activity;sid:81835894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/b26bueqf69jxklelwmapzyxnc1bockfo2oyuw09jdpa5jfou0/"; depth:60; endswith; nocase; http.host; content:"crumlabs.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972793/; classtype:trojan-activity;sid:81835893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/h/"; depth:10; endswith; nocase; http.host; content:"www.infoquick.co.uk"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972790/; classtype:trojan-activity;sid:81835890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/hy1hdtbdphryygchx8rxfuyd1u03h9gqdgakn4ehikaozqe/"; depth:58; endswith; nocase; http.host; content:"www.photolinguist.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972791/; classtype:trojan-activity;sid:81835891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/h/"; depth:10; endswith; nocase; http.host; content:"infoquick.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972792/; classtype:trojan-activity;sid:81835892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/te/"; depth:10; endswith; nocase; http.host; content:"achutamanasa.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972786/; classtype:trojan-activity;sid:81835886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/21diz/"; depth:18; endswith; nocase; http.host; content:"cashyinvestment.org"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972785/; classtype:trojan-activity;sid:81835885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/php/a1wajk41pdqtm32abznt8yzcwl91x55fkgzhbshtneiv4fzazldyzldtb/"; depth:63; endswith; nocase; http.host; content:"hcldindia.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972788/; classtype:trojan-activity;sid:81835888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tilefish/xiun9lhlfz1zi3knnjrusdwzm11q5hmt1dz28pxg07/"; depth:53; endswith; nocase; http.host; content:"ruthrocha.clientes.newgosling.com"; depth:33; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972789/; classtype:trojan-activity;sid:81835889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/rnjvhe0sr9o7as9kwfhnfm64m/"; depth:35; endswith; nocase; http.host; content:"sub.mannheal.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972787/; classtype:trojan-activity;sid:81835887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/xfhyzeylilyhjg7yqyiznza3vk2taki8aosu5glzan/"; depth:56; endswith; nocase; http.host; content:"mmsnegocios.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972784/; classtype:trojan-activity;sid:81835884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogs/fihqvgjr43nmp5mt6bd32aj7ymimuspne/"; depth:41; endswith; nocase; http.host; content:"goodnesspharmacy.in"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972783/; classtype:trojan-activity;sid:81835883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/nbtxkrenmnlv3fekqxjwawuks/"; depth:36; endswith; nocase; http.host; content:"shifa.sa"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972782/; classtype:trojan-activity;sid:81835882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/archive/xhqhngfb197aljqrnmonpw0lng6qkes7lgnmvgp7fcifffx3ubwead0uagfjnbpxg/"; depth:75; endswith; nocase; http.host; content:"www.lohanamatching.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972781/; classtype:trojan-activity;sid:81835881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/seg6/!/"; depth:17; endswith; nocase; http.host; content:"abdo-alyemeni.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972779/; classtype:trojan-activity;sid:81835879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/oy3o2ybytlpah8m/"; depth:31; endswith; nocase; http.host; content:"www.angelobruzzese.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972780/; classtype:trojan-activity;sid:81835880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.101.101"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972778/; classtype:trojan-activity;sid:81835878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/inh1q4efmt/"; depth:23; endswith; nocase; http.host; content:"chenqiaorong007.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972775/; classtype:trojan-activity;sid:81835875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/z4tfme0/"; depth:21; endswith; nocase; http.host; content:"qingniatouzi.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972777/; classtype:trojan-activity;sid:81835877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-login/9zvtyalyhg/"; depth:21; endswith; nocase; http.host; content:"aqnym.top"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972776/; classtype:trojan-activity;sid:81835876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3948708181/l7/"; depth:15; endswith; nocase; http.host; content:"hredoybangladesh.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972774/; classtype:trojan-activity;sid:81835874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/u12bbgpx2v/"; depth:23; endswith; nocase; http.host; content:"bestcartdeal.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972772/; classtype:trojan-activity;sid:81835872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/griwz/"; depth:16; endswith; nocase; http.host; content:"washcolsc.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972773/; classtype:trojan-activity;sid:81835873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.93.15"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972771/; classtype:trojan-activity;sid:81835871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.101.101"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972770/; classtype:trojan-activity;sid:81835870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972769/; classtype:trojan-activity;sid:81835869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.11.33"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972768/; classtype:trojan-activity;sid:81835868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video/cz53oqazcuufi4kzfnnsc8lodlty8vlag6c9jze2soya574wm9sn/"; depth:60; endswith; nocase; http.host; content:"outerwearman.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972767/; classtype:trojan-activity;sid:81835867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.93.15"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972766/; classtype:trojan-activity;sid:81835866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/goblog/inc/meta-box/4inv/"; depth:44; endswith; nocase; http.host; content:"1gratisdating.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972765/; classtype:trojan-activity;sid:81835865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.103.81.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972764/; classtype:trojan-activity;sid:81835864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.176.109.235"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972763/; classtype:trojan-activity;sid:81835863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0xautoconfig/nyj6v3wnkhvbt4rtr1bsmo7uvyogvhn6xgojaxubgarvhmrbd3hqedgr/"; depth:72; endswith; nocase; http.host; content:"pillars2020.novaclients.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972762/; classtype:trojan-activity;sid:81835862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.11.33"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972761/; classtype:trojan-activity;sid:81835861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.204.208"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972760/; classtype:trojan-activity;sid:81835860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.148.85"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972759/; classtype:trojan-activity;sid:81835859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.204.208"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972758/; classtype:trojan-activity;sid:81835858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.103.81.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972757/; classtype:trojan-activity;sid:81835857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.122.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972756/; classtype:trojan-activity;sid:81835856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.110"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972755/; classtype:trojan-activity;sid:81835855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.179.82"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972754/; classtype:trojan-activity;sid:81835854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.179.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972753/; classtype:trojan-activity;sid:81835853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.61.52"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972752/; classtype:trojan-activity;sid:81835852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.147.42.191"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972751/; classtype:trojan-activity;sid:81835851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/referer/nasn0r13ipvuc4pkbbykttb7caqlmaas3ayphov5o7q1wnzls700vfjjqcu6ssd22schg/"; depth:79; endswith; nocase; http.host; content:"onyxmedia.in"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972750/; classtype:trojan-activity;sid:81835850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/code/becdkrko5hslffirjhjatuyobgxxy5n6da9zdlsjkegyqpb4jlcczlt/"; depth:62; endswith; nocase; http.host; content:"app.newinnovationtechnology.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972749/; classtype:trojan-activity;sid:81835849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.26.245.150"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972748/; classtype:trojan-activity;sid:81835848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peppery/fkdi/"; depth:14; endswith; nocase; http.host; content:"gaurance.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972746/; classtype:trojan-activity;sid:81835846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contact_send/tckgsyljg42nev62/"; depth:31; endswith; nocase; http.host; content:"thejanimal.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972747/; classtype:trojan-activity;sid:81835847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content_old/8gstxi4pzoatadlwevsukq4bdia8friu4vvnrsy9ssl1uabnmxwcree8dpetaugejumd/"; depth:85; endswith; nocase; http.host; content:"bielert.de"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972744/; classtype:trojan-activity;sid:81835844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/brty5dqqowszuiqboyw93gcxekqakw4hwqn0wkgxxrnyxf9i/"; depth:59; endswith; nocase; http.host; content:"prodescsaude.com.br"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972745/; classtype:trojan-activity;sid:81835845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-snapshots/zhv3qomymbxu7nwottqdnwsbv7xwqbqieeobmfdxxh2p4qwt0/"; depth:64; endswith; nocase; http.host; content:"haymall.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972743/; classtype:trojan-activity;sid:81835843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.179.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972742/; classtype:trojan-activity;sid:81835842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.166.195"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972741/; classtype:trojan-activity;sid:81835841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.21.92"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972740/; classtype:trojan-activity;sid:81835840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.175.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972739/; classtype:trojan-activity;sid:81835839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.98.34"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972738/; classtype:trojan-activity;sid:81835838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.123.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972737/; classtype:trojan-activity;sid:81835837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.61.52"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972736/; classtype:trojan-activity;sid:81835836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.170.178.180"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972735/; classtype:trojan-activity;sid:81835835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.166.195"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972734/; classtype:trojan-activity;sid:81835834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.21.92"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972733/; classtype:trojan-activity;sid:81835833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/banner/uw/"; depth:11; endswith; nocase; http.host; content:"blog.tqdesign.vn"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972732/; classtype:trojan-activity;sid:81835832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.175.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972730/; classtype:trojan-activity;sid:81835830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kxpufj09v77nrvkj6s7vs/"; depth:32; endswith; nocase; http.host; content:"movartemusic.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972731/; classtype:trojan-activity;sid:81835831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.207.216"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972729/; classtype:trojan-activity;sid:81835829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3n6543"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972725/; classtype:trojan-activity;sid:81835825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/676mw6"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972726/; classtype:trojan-activity;sid:81835826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k8k887"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972728/; classtype:trojan-activity;sid:81835828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tv4tg4"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972727/; classtype:trojan-activity;sid:81835827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm6"; depth:9; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972724/; classtype:trojan-activity;sid:81835824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nw3n77"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972723/; classtype:trojan-activity;sid:81835823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/m68k"; depth:9; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972722/; classtype:trojan-activity;sid:81835822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/mips"; depth:9; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972720/; classtype:trojan-activity;sid:81835820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/mpsl"; depth:9; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972718/; classtype:trojan-activity;sid:81835818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/ppc"; depth:8; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972721/; classtype:trojan-activity;sid:81835821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/sh4"; depth:8; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972719/; classtype:trojan-activity;sid:81835819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h83yg3"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972717/; classtype:trojan-activity;sid:81835817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm5"; depth:9; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972716/; classtype:trojan-activity;sid:81835816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b5t5y"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972713/; classtype:trojan-activity;sid:81835813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/54m5n2"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972712/; classtype:trojan-activity;sid:81835812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5byb45"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972709/; classtype:trojan-activity;sid:81835809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/63vuhr"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972710/; classtype:trojan-activity;sid:81835810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/75m4bh"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972714/; classtype:trojan-activity;sid:81835814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7w4757"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972715/; classtype:trojan-activity;sid:81835815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n4764w"; depth:7; endswith; nocase; http.host; content:"134.122.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972711/; classtype:trojan-activity;sid:81835811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm"; depth:8; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972706/; classtype:trojan-activity;sid:81835806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/arm7"; depth:9; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972707/; classtype:trojan-activity;sid:81835807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x01/x86"; depth:8; endswith; nocase; http.host; content:"192.236.154.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972708/; classtype:trojan-activity;sid:81835808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/3esjzbesahmckxfd3iewlhcwabk0ed0df7wp/"; depth:49; endswith; nocase; http.host; content:"otgconnect.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972705/; classtype:trojan-activity;sid:81835805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.111.197"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972704/; classtype:trojan-activity;sid:81835804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pronuba/fparcid/"; depth:17; endswith; nocase; http.host; content:"forship.clientes.newgosling.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972702/; classtype:trojan-activity;sid:81835802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/0/get/bhyo4npkbiz0vzummxn0mn8xwmwkh8wir4cmktjqmw1ro7cg2_efnhfqimojnnlry7ickw627_noq3v5r4d6xrs3tgux3ateg3onomozmm-bhd-yepbocaqa2kfafwu9wkw/file|3f|dl=1"; depth:154; endswith; nocase; http.host; content:"ucbb2e2549ce96af9682f8d43f87.dl.dropboxusercontent.com"; depth:54; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972703/; classtype:trojan-activity;sid:81835803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/z5/"; depth:12; endswith; nocase; http.host; content:"academiaprogreso.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972701/; classtype:trojan-activity;sid:81835801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/zqhdylf/"; depth:11; endswith; nocase; http.host; content:"casinos-hub.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972700/; classtype:trojan-activity;sid:81835800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/e/"; depth:14; endswith; nocase; http.host; content:"mts2019-002-site9.gtempurl.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972698/; classtype:trojan-activity;sid:81835798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responsives/z/"; depth:15; endswith; nocase; http.host; content:"newtop.one"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972699/; classtype:trojan-activity;sid:81835799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/gauyf/"; depth:18; endswith; nocase; http.host; content:"ocean4gamers.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972697/; classtype:trojan-activity;sid:81835797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/fueyog/"; depth:10; endswith; nocase; http.host; content:"deoditas.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972696/; classtype:trojan-activity;sid:81835796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/tasw/"; depth:16; endswith; nocase; http.host; content:"yahyalisayam.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972695/; classtype:trojan-activity;sid:81835795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/htcogbwifqnxthaclbw76jf2/"; depth:35; endswith; nocase; http.host; content:"ketogenicsupplementreviews.net"; depth:30; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972694/; classtype:trojan-activity;sid:81835794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/bfbte59rjhcpmd2oqt5582fkjm20dhymutul/"; depth:50; endswith; nocase; http.host; content:"redshiftsolutions.io"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972693/; classtype:trojan-activity;sid:81835793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/qwoxgkeaxpmodflrmqgtb1vxp2hyuiqqcatadbxazlji1pwjmusekjbgtgocxarjt8/"; depth:70; endswith; nocase; http.host; content:"www.qmh333.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972692/; classtype:trojan-activity;sid:81835792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoodiap57/kfzmeart7d7farfdwaikswcmsf2boopphrqarv/"; depth:50; endswith; nocase; http.host; content:"channigreenwall.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972690/; classtype:trojan-activity;sid:81835790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q/evme0bbxbcio9wwhtxfocj9bkk6wwj73xi7r48q8dfcizqbajzo5hz42pl/"; depth:62; endswith; nocase; http.host; content:"jamapparelsl.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972689/; classtype:trojan-activity;sid:81835789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/ngtj/"; depth:18; endswith; nocase; http.host; content:"www.weinsteincounseling.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972691/; classtype:trojan-activity;sid:81835791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/a0c0hwdsp7f/"; depth:21; endswith; nocase; http.host; content:"nida-alwajib.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972688/; classtype:trojan-activity;sid:81835788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/czdkwbappysh8kkv4ltvui5osfamrybmxotxzv4pw4ipona9u1ewpxasbwh08akmbjs/"; depth:71; endswith; nocase; http.host; content:"stunnerciti.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972687/; classtype:trojan-activity;sid:81835787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brotuliform/sgm8dbfpfgl21hisjgp/"; depth:33; endswith; nocase; http.host; content:"thedrumbeat.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972686/; classtype:trojan-activity;sid:81835786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/hvumm7cc0ljcqkucwqopfnxcoerspmbiwjatdwdpopfawxenawaknybqs/"; depth:67; endswith; nocase; http.host; content:"escuelalomacolorada.cl"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972684/; classtype:trojan-activity;sid:81835784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1264213150/b5tph5jcrdfspuc0zknpfyb4i2wcbxoxbgnidmw6wofnz2nyp0mpy11v6hk6r/"; depth:74; endswith; nocase; http.host; content:"pet360.com.my"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972683/; classtype:trojan-activity;sid:81835783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sistema/xul2/"; depth:14; endswith; nocase; http.host; content:"www.serviciomore.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972685/; classtype:trojan-activity;sid:81835785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yamaha-upright-see7e/9alidiqq5gk62ptmsdgqkcschiaivjsjcprvhzgqk0flkk2l4zorkwv2vi/"; depth:81; endswith; nocase; http.host; content:"skincrestclinic.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972682/; classtype:trojan-activity;sid:81835782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unquality/kex5pzsmefr/"; depth:23; endswith; nocase; http.host; content:"comotocarviolaorapido.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972681/; classtype:trojan-activity;sid:81835781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/jpxpee95t1vbbn/"; depth:24; endswith; nocase; http.host; content:"junoboat.be"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972679/; classtype:trojan-activity;sid:81835779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shio-hk-gkr1f/j7y9xe4pkin0jordez0dcyy2q9bssr7pxo9ff1xnccbpl6pxms/"; depth:66; endswith; nocase; http.host; content:"flipamas.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972678/; classtype:trojan-activity;sid:81835778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anterior/tvbcsbdxirh0kz57vinarzvvmgrddgzgsllk9kdlgwbsywvqljvmniem/"; depth:67; endswith; nocase; http.host; content:"grupofloridablanca.es"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972680/; classtype:trojan-activity;sid:81835780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/code/cbbreflpowqwqxvsqmu/"; depth:26; endswith; nocase; http.host; content:"app.newinnovationtechnology.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972677/; classtype:trojan-activity;sid:81835777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/47akdzhpvntkfnzchlvfaaqjsu65wggvlwu4j/"; depth:48; endswith; nocase; http.host; content:"kftumusic.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972675/; classtype:trojan-activity;sid:81835775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pioneer33/wp-admin/css/colors/s959pro1es4msppdkhmpsheyeaehdqsfcr6yekeq5/"; depth:73; endswith; nocase; http.host; content:"www.pioneer.net.sa"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972676/; classtype:trojan-activity;sid:81835776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/qrxm9zow0yfzpofu/"; depth:25; endswith; nocase; http.host; content:"2586097-2.web-hosting.es"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972672/; classtype:trojan-activity;sid:81835772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forum-ias/assets/global/plugins/bootbox/q9ateaow97q3wndwctb7bivxaortthzjui6vujtsdia2g/"; depth:87; endswith; nocase; http.host; content:"ajath.ae"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972674/; classtype:trojan-activity;sid:81835774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/instagram/oyhtedmhgbmvw5ds3gzqkbmzvvdxrnyg6dcslcucuzforq4daylupcavnmbawrdopsb/"; depth:79; endswith; nocase; http.host; content:"helpcopyright.click"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972671/; classtype:trojan-activity;sid:81835771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdrangel-install-qdm2q/fyntewqidcx6xxbxvjrojqmeu3ys/"; depth:53; endswith; nocase; http.host; content:"sspbrand.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972670/; classtype:trojan-activity;sid:81835770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/gjtfqn0sd8qmzc5xpdcg0k6qzowsrcsze/"; depth:44; endswith; nocase; http.host; content:"tenaciouscustomsclearing.com"; depth:28; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972673/; classtype:trojan-activity;sid:81835773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plagioclase/mwahuc4eytjodpifv7j/"; depth:33; endswith; nocase; http.host; content:"svpro.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972669/; classtype:trojan-activity;sid:81835769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.203.218"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972668/; classtype:trojan-activity;sid:81835768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.146.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972667/; classtype:trojan-activity;sid:81835767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.9.169.15"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972666/; classtype:trojan-activity;sid:81835766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.22.121"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972665/; classtype:trojan-activity;sid:81835765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.214.15"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972664/; classtype:trojan-activity;sid:81835764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.98.248"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972663/; classtype:trojan-activity;sid:81835763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.218.248.203"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972662/; classtype:trojan-activity;sid:81835762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.242.123.114"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972661/; classtype:trojan-activity;sid:81835761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.134.240"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972656/; classtype:trojan-activity;sid:81835756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.183.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972655/; classtype:trojan-activity;sid:81835755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.42.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972660/; classtype:trojan-activity;sid:81835760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.60.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972657/; classtype:trojan-activity;sid:81835757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.115.108"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972659/; classtype:trojan-activity;sid:81835759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.39.233"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972658/; classtype:trojan-activity;sid:81835758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.46.95"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972654/; classtype:trojan-activity;sid:81835754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.154.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972653/; classtype:trojan-activity;sid:81835753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.209.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972652/; classtype:trojan-activity;sid:81835752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.51.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972651/; classtype:trojan-activity;sid:81835751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.203.218"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972650/; classtype:trojan-activity;sid:81835750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/a1283/"; depth:16; endswith; nocase; http.host; content:"bardiastore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972649/; classtype:trojan-activity;sid:81835749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/seg6/"; depth:15; endswith; nocase; http.host; content:"abdo-alyemeni.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972648/; classtype:trojan-activity;sid:81835748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/si/"; depth:15; endswith; nocase; http.host; content:"dryaquelingrdo.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972647/; classtype:trojan-activity;sid:81835747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/248152296/tpi/"; depth:15; endswith; nocase; http.host; content:"fabulousstylz.net"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972645/; classtype:trojan-activity;sid:81835745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/x/"; depth:12; endswith; nocase; http.host; content:"oxycode.net"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972644/; classtype:trojan-activity;sid:81835744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/b73/"; depth:13; endswith; nocase; http.host; content:"trendmoversdubai.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972646/; classtype:trojan-activity;sid:81835746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.146.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972642/; classtype:trojan-activity;sid:81835742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/fv/"; depth:13; endswith; nocase; http.host; content:"giteslacolombiere.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972643/; classtype:trojan-activity;sid:81835743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.32.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972641/; classtype:trojan-activity;sid:81835741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.51.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972640/; classtype:trojan-activity;sid:81835740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.32.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972639/; classtype:trojan-activity;sid:81835739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/9sgmuhfvbckqoqshl4wjsc4yctf1blpek/"; depth:37; endswith; nocase; http.host; content:"mannheal.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972638/; classtype:trojan-activity;sid:81835738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frayedness/m3rzpu123oekcdoa97cqb4l4clf9qtihp9inzfegowmrul2eqm9xumaoofrepxofq2p/"; depth:80; endswith; nocase; http.host; content:"solitaireclubs.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972637/; classtype:trojan-activity;sid:81835737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/pk7vsctrc4vnosujpbaaccfcevclgqwur70h6jzsiep6uwmfwwp4gftkrh8vva/"; depth:73; endswith; nocase; http.host; content:"sub-g.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972636/; classtype:trojan-activity;sid:81835736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/dt8tfjqvvshct0pslkqlumsdpavz9zkzefz77d/"; depth:52; endswith; nocase; http.host; content:"ec2-15-206-128-255.ap-south-1.compute.amazonaws.com"; depth:51; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972635/; classtype:trojan-activity;sid:81835735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eternal-duelist-9cuqv/ayrvhw5d8vuwglduiqt2bvhfvybieupqven1simqg/"; depth:65; endswith; nocase; http.host; content:"mmrincs.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972634/; classtype:trojan-activity;sid:81835734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/c/"; depth:12; endswith; nocase; http.host; content:"nimbledesign.miami"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972633/; classtype:trojan-activity;sid:81835733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/fzp4nk437z7nl1yx71/"; depth:31; endswith; nocase; http.host; content:"asianhimalayamusicschool.com.np"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972632/; classtype:trojan-activity;sid:81835732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/siam.stiepancasetia.ac.id/kf6o16tw0/"; depth:37; endswith; nocase; http.host; content:"stiepancasetia.ac.id"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972631/; classtype:trojan-activity;sid:81835731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/xdekfyevy1f3ffze8bz45oxbhzxp61o6eielyyyj5gjp/"; depth:52; endswith; nocase; http.host; content:"ucmasmauritius.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972629/; classtype:trojan-activity;sid:81835729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/pw3fvkzu3zv2/"; depth:22; endswith; nocase; http.host; content:"www.pragationline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972630/; classtype:trojan-activity;sid:81835730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/nwgnu49xa9rqicytk4lewy3xnmzcxrowlnsluuriqcnrtcsn/"; depth:52; endswith; nocase; http.host; content:"loungecity.co.ls"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972628/; classtype:trojan-activity;sid:81835728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/tmvbbjks7netrsaxlsymgj2g6gernjsj8l14smu7rtw/"; depth:53; endswith; nocase; http.host; content:"grand-deli.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972625/; classtype:trojan-activity;sid:81835725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/sni8w3fssb44iavmzss2nv0od6eiixlq6/"; depth:43; endswith; nocase; http.host; content:"hqdecig.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972624/; classtype:trojan-activity;sid:81835724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/w3ujganmflitmy4ky0ccdmecu359zozpwkz6pad0g/"; depth:52; endswith; nocase; http.host; content:"mvm368.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972627/; classtype:trojan-activity;sid:81835727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/fqe2t7bnevp8bdwxuyn5tft64npbu6sa4dfmsjdhpkngnyo4t1vjassdzut3nfd9lnu/"; depth:71; endswith; nocase; http.host; content:"benessereperfetto.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972626/; classtype:trojan-activity;sid:81835726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ai9ijfd3se7ginxt7zchgk4b6jvsptackuq/"; depth:45; endswith; nocase; http.host; content:"soham.mannheal.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972623/; classtype:trojan-activity;sid:81835723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/cpkubw/"; depth:16; endswith; nocase; http.host; content:"ajath.in"; depth:8; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972621/; classtype:trojan-activity;sid:81835721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/fnekowhgnimcltnbkquivxgwgizaeraoxvzc0wnbtsmdzeebtiw/"; depth:64; endswith; nocase; http.host; content:"nidahub.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972622/; classtype:trojan-activity;sid:81835722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contact_send/tckgsyljg42nev62/"; depth:31; endswith; nocase; http.host; content:"www.thejanimal.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972620/; classtype:trojan-activity;sid:81835720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/5jpofmmozacukdblekzd6s6nqlkeeo1tdj/"; depth:47; endswith; nocase; http.host; content:"confirm.bisiakintayo.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972618/; classtype:trojan-activity;sid:81835718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/fnekowhgnimcltnbkquivxgwgizaeraoxvzc0wnbtsmdzeebtiw/"; depth:64; endswith; nocase; http.host; content:"nidahub.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972619/; classtype:trojan-activity;sid:81835719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/m6p8uzabpiwqmrzmuyjicltifsgwbkluqfwm6nww54/"; depth:53; endswith; nocase; http.host; content:"peyk.online"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972617/; classtype:trojan-activity;sid:81835717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/yiibfshfgrqykodry1vij6qv9nc9xa00voeg5bbzu2b/"; depth:54; endswith; nocase; http.host; content:"www.baydanismanlik.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972616/; classtype:trojan-activity;sid:81835716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/localstart/cuktlefbnfktvdbgrli4xjj5jmpo/"; depth:41; endswith; nocase; http.host; content:"www.tru-liv.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972615/; classtype:trojan-activity;sid:81835715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.63.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972614/; classtype:trojan-activity;sid:81835714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.122.23"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972613/; classtype:trojan-activity;sid:81835713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_old_may_2018/assets/wdl8x/"; depth:31; endswith; nocase; http.host; content:"ummahstars.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972612/; classtype:trojan-activity;sid:81835712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_old_may_2018/assets/wdl8x/"; depth:31; endswith; nocase; http.host; content:"www.ummahstars.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972611/; classtype:trojan-activity;sid:81835711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.172.168.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972610/; classtype:trojan-activity;sid:81835710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ki0k/"; depth:15; endswith; nocase; http.host; content:"buyitnowtoday.net"; depth:17; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972609/; classtype:trojan-activity;sid:81835709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/j4bdkyuliyciswvfzwkjlyah9l/"; depth:36; endswith; nocase; http.host; content:"propertybrokers.cl"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972608/; classtype:trojan-activity;sid:81835708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/referer/nasn0r13ipvuc4pkbbykttb7caqlmaas3ayphov5o7q1wnzls700vfjjqcu6ssd22schg/"; depth:79; endswith; nocase; http.host; content:"www.onyxmedia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972607/; classtype:trojan-activity;sid:81835707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/223/xaccszmvju53r4noxhabvjzpfydwauphnnwvbayr1119my3rgk9ypbkf4n/"; depth:64; endswith; nocase; http.host; content:"extremejoy.live"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972606/; classtype:trojan-activity;sid:81835706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.47.100.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972605/; classtype:trojan-activity;sid:81835705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.55.24"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972604/; classtype:trojan-activity;sid:81835704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/n3/"; depth:13; endswith; nocase; http.host; content:"canadabrightway.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972601/; classtype:trojan-activity;sid:81835701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/h/"; depth:10; endswith; nocase; http.host; content:"infoquick.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972603/; classtype:trojan-activity;sid:81835703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reference/ubpv/"; depth:16; endswith; nocase; http.host; content:"schmuckfeder.net"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972602/; classtype:trojan-activity;sid:81835702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.109.56.189"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972600/; classtype:trojan-activity;sid:81835700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.200.73"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972599/; classtype:trojan-activity;sid:81835699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.103.82.126"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972598/; classtype:trojan-activity;sid:81835698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.154.138"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972597/; classtype:trojan-activity;sid:81835697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/upload/banner/2015/10-29/nqtstl6ujcjza.php"; depth:50; endswith; nocase; http.host; content:"frnnet.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972596/; classtype:trojan-activity;sid:81835696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oficial-main/oficial/php/hv99pmz55xaed.php"; depth:43; endswith; nocase; http.host; content:"1service.ca"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972595/; classtype:trojan-activity;sid:81835695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/careerbodhan/wp-includes/text/diff/engine/4o9qyubs0qoxr9.php"; depth:61; endswith; nocase; http.host; content:"skswebsites.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972593/; classtype:trojan-activity;sid:81835693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comments/system/vendor/michelf/php-markdown/obmiiynifdcab.php"; depth:62; endswith; nocase; http.host; content:"cosm.cc"; depth:7; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972594/; classtype:trojan-activity;sid:81835694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otros/sitepad-data/themes/residency/data/vs5kowmij5.php"; depth:56; endswith; nocase; http.host; content:"cwodi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972592/; classtype:trojan-activity;sid:81835692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jimmychesterfield.com/wp-includes/simplepie/decode/html/fsbbr2ffdisdxw.php"; depth:75; endswith; nocase; http.host; content:"dev.unitedwebgroup.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972591/; classtype:trojan-activity;sid:81835691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dillon_does/dillons_website/tutorial_resources/c_tutorials/img/b9rmkewx.php"; depth:76; endswith; nocase; http.host; content:"dillondoes.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972589/; classtype:trojan-activity;sid:81835689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/revslider/includes/framework/ldka2hj4fi.php"; depth:63; endswith; nocase; http.host; content:"l2build.co.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972590/; classtype:trojan-activity;sid:81835690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sodium_compat/src/core32/chacha20/fmrksoqnjc8ldal.php"; depth:66; endswith; nocase; http.host; content:"ayeyi.biz"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972586/; classtype:trojan-activity;sid:81835686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/mage/adminhtml/product/composite/fsctutyq4wrx.php"; depth:53; endswith; nocase; http.host; content:"swicoservers.co.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972587/; classtype:trojan-activity;sid:81835687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vendor/incenteev/composer-parameter-handler/tests/fixtures/z8w6okdbyk.php"; depth:74; endswith; nocase; http.host; content:"dev1.tritschler-wunschliste.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972588/; classtype:trojan-activity;sid:81835688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"148.103.51.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972585/; classtype:trojan-activity;sid:81835685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/spaijd11/functions/tax-meta-class/igeuaxe4g.php"; depth:66; endswith; nocase; http.host; content:"cydpm.com.pe"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972584/; classtype:trojan-activity;sid:81835684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src/js/datatables/jquery/dist/ihgyhwhvz.php"; depth:44; endswith; nocase; http.host; content:"ndfarms.dairycare.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972583/; classtype:trojan-activity;sid:81835683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vendor/pear-pear.php.net/crypt_gpg/data/crypt_gpg/r7dlca1bl.php"; depth:64; endswith; nocase; http.host; content:"poczta.zapobiegaj.org.pl"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972582/; classtype:trojan-activity;sid:81835682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.154.138"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972581/; classtype:trojan-activity;sid:81835681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/log/bdoiiglty3z2fagwjne5ghgikus/"; depth:33; endswith; nocase; http.host; content:"vegadelcasero.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972580/; classtype:trojan-activity;sid:81835680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.105.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972579/; classtype:trojan-activity;sid:81835679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j/6wrkzpvzvp7jnutsm4yoq4he37towc4ho4/"; depth:38; endswith; nocase; http.host; content:"fayrewinds.org"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972578/; classtype:trojan-activity;sid:81835678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url|3f|a=http%3a%2f%2fvegadelcasero.cl%2flog%2fbdoiiglty3z2fagwjne5ghgikus%2f|7c|26|7c|c=e,1,rvz-umslytwwvkd8kpkieposi9yii-jpxv-izlfzwh_coopab5jusorfjuqhkexgzlevpm1fpagra-ao_knxu6yn-yl2izmpizx3mgvo4ofexjwxyqe,|7c|26|7c|typo=1/"; depth:227; endswith; nocase; http.host; content:"linkprotect.cudasvc.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972577/; classtype:trojan-activity;sid:81835677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.109.56.189"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972576/; classtype:trojan-activity;sid:81835676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.16.93"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972575/; classtype:trojan-activity;sid:81835675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.122.207"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972574/; classtype:trojan-activity;sid:81835674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.9.175.225"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972573/; classtype:trojan-activity;sid:81835673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.16.93"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972572/; classtype:trojan-activity;sid:81835672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.122.207"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972571/; classtype:trojan-activity;sid:81835671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/netbot.spc"; depth:16; endswith; nocase; http.host; content:"179.43.140.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972570/; classtype:trojan-activity;sid:81835670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/2ny5sssuasgwvy6voqws7ktnd0rvtgcuww083bxccly2sgkrwgn0bueibuiqhz/"; depth:70; endswith; nocase; http.host; content:"edwesome.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972569/; classtype:trojan-activity;sid:81835669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.54.166"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972568/; classtype:trojan-activity;sid:81835668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.sh4"; depth:14; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972566/; classtype:trojan-activity;sid:81835666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.sparc"; depth:16; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972567/; classtype:trojan-activity;sid:81835667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.arm4"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972559/; classtype:trojan-activity;sid:81835659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.arm5"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972565/; classtype:trojan-activity;sid:81835665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.arm6"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972562/; classtype:trojan-activity;sid:81835662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.arm7"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972560/; classtype:trojan-activity;sid:81835660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.i586"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972558/; classtype:trojan-activity;sid:81835658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.i686"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972561/; classtype:trojan-activity;sid:81835661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.m68k"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972557/; classtype:trojan-activity;sid:81835657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.mips"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972564/; classtype:trojan-activity;sid:81835664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.mpsl"; depth:15; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972556/; classtype:trojan-activity;sid:81835656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luftwafee.ppc"; depth:14; endswith; nocase; http.host; content:"194.37.82.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972563/; classtype:trojan-activity;sid:81835663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.132.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972555/; classtype:trojan-activity;sid:81835655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.125.30"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972553/; classtype:trojan-activity;sid:81835653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.109.235"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972554/; classtype:trojan-activity;sid:81835654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.132.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972552/; classtype:trojan-activity;sid:81835652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.54.166"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972550/; classtype:trojan-activity;sid:81835650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.144.238.102"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972551/; classtype:trojan-activity;sid:81835651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.39.239"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972549/; classtype:trojan-activity;sid:81835649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.157.183"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972548/; classtype:trojan-activity;sid:81835648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.172.165.37"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972547/; classtype:trojan-activity;sid:81835647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/yt6usk8x0/"; depth:16; endswith; nocase; http.host; content:"mywonderfulpregnancy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972546/; classtype:trojan-activity;sid:81835646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.69.153.56"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972544/; classtype:trojan-activity;sid:81835644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.106.2.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972545/; classtype:trojan-activity;sid:81835645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.45.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972543/; classtype:trojan-activity;sid:81835643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.73.36"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972542/; classtype:trojan-activity;sid:81835642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.123.224"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972540/; classtype:trojan-activity;sid:81835640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.45.3.183"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972541/; classtype:trojan-activity;sid:81835641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.25.225.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972538/; classtype:trojan-activity;sid:81835638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.137.100"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972537/; classtype:trojan-activity;sid:81835637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.179.11"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972539/; classtype:trojan-activity;sid:81835639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.51.108.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972536/; classtype:trojan-activity;sid:81835636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.34.103"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972534/; classtype:trojan-activity;sid:81835634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.28"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972533/; classtype:trojan-activity;sid:81835633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.177.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972535/; classtype:trojan-activity;sid:81835635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.201.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972532/; classtype:trojan-activity;sid:81835632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.155.181"; depth:15; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972531/; classtype:trojan-activity;sid:81835631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.5.39"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972530/; classtype:trojan-activity;sid:81835630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.34.180.123"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972528/; classtype:trojan-activity;sid:81835628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/bin_gdupi46.bin"; depth:35; endswith; nocase; http.host; content:"leinehoomwp.bstudev.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972529/; classtype:trojan-activity;sid:81835629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.157.183"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972527/; classtype:trojan-activity;sid:81835627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.202.32"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972526/; classtype:trojan-activity;sid:81835626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.44.194"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972525/; classtype:trojan-activity;sid:81835625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/pxmtb/"; depth:11; endswith; nocase; http.host; content:"gieoduyen.vn"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972524/; classtype:trojan-activity;sid:81835624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/banner/uw/"; depth:11; endswith; nocase; http.host; content:"blog.tqdesign.vn"; depth:16; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972523/; classtype:trojan-activity;sid:81835623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/x/"; depth:11; endswith; nocase; http.host; content:"bambathamobileloans.co.za"; depth:25; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972522/; classtype:trojan-activity;sid:81835622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3325390551/5w/"; depth:15; endswith; nocase; http.host; content:"vataas.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972521/; classtype:trojan-activity;sid:81835621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcds-throttle-w4z41/pqqn/"; depth:26; endswith; nocase; http.host; content:"buarf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972519/; classtype:trojan-activity;sid:81835619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/p/"; depth:14; endswith; nocase; http.host; content:"www.abyssos.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972520/; classtype:trojan-activity;sid:81835620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.125.30"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972518/; classtype:trojan-activity;sid:81835618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.172.165.37"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972517/; classtype:trojan-activity;sid:81835617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.44.66"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972516/; classtype:trojan-activity;sid:81835616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.51.137.252"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972515/; classtype:trojan-activity;sid:81835615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xinterlude.spc"; depth:20; endswith; nocase; http.host; content:"31.7.62.118"; depth:11; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972514/; classtype:trojan-activity;sid:81835614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.202.32"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972513/; classtype:trojan-activity;sid:81835613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/netbot.sh4"; depth:16; endswith; nocase; http.host; content:"179.43.140.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972512/; classtype:trojan-activity;sid:81835612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.44.194"; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972511/; classtype:trojan-activity;sid:81835611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/netbot.arm"; depth:16; endswith; nocase; http.host; content:"179.43.140.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_20; reference:url, urlhaus.abuse.ch/url/972503/; classtype:trojan-activity;sid:81835603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (972504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/netbot.arm5"; depth:17; endswith; nocase; http.host; content:"179.43.140.169"; depth:14; isdataat:!1,relative;