##################################################### # MalSilo Suricata URL rules set # ##################################################### # # # Dataset generated @ 2022-10-06 21:00:03 (UTC) # # # # Use these rules at your own risk, for any # # re-publishing or integration into other # # datasets please contact malsilo [at] tuta .io # # # ##################################################### # # alert http any any -> 37.139.129.142 any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"/htdocs/qemfsterpcyccdt.exe"; nocase; depth:27; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000070; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.southernwrapanddetail.com"; http_host; depth:29; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000071; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.kavaslaskou.online"; http_host; depth:22; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000072; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.techpostlogy.com"; http_host; depth:20; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000073; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.whoobosaurus.com"; http_host; depth:20; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000074; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.starnegm.com"; http_host; depth:16; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000075; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.yukonwaltz.online"; http_host; depth:21; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000076; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.beachcoin.info"; http_host; depth:18; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000077; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ytproducer.com"; http_host; depth:18; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000078; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.husharchive.com"; http_host; depth:19; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000079; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.carttonic.com"; http_host; depth:17; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000080; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.chtusoft.com"; http_host; depth:16; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000081; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.medwaspaike.com"; http_host; depth:19; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000082; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.wyldwyndsphotograhpy.net"; http_host; depth:28; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000083; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mierscript.com"; http_host; depth:18; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000084; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.isippets.com"; http_host; depth:16; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000085; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sizetmano.store"; http_host; depth:19; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000086; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ninedetails.co.uk"; http_host; depth:21; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000087; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ordermarijuana.email"; http_host; depth:24; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000088; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.df4bg52udwko3ir.xyz"; http_host; depth:23; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000089; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.trademiddleeast.com"; http_host; depth:23; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000090; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.littlesquadindonesia.com"; http_host; depth:28; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000091; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.calvicenterprisesvcs.co.uk"; http_host; depth:30; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000092; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.banxing.site"; http_host; depth:16; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000093; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.theremediesmusic.com"; http_host; depth:24; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000094; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.lifesaverszone.com"; http_host; depth:22; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000095; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tstounited.co.uk"; http_host; depth:20; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000096; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.202plus.com"; http_host; depth:15; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000097; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.projectxcloud.tech"; http_host; depth:22; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000098; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.krysmar.net"; http_host; depth:15; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000099; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.prefeudalism.xyz"; http_host; depth:20; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000100; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ohmahgawd.com"; http_host; depth:17; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000101; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.renatopersonaltrainer.site"; http_host; depth:30; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000102; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.onlinezelleaol.com"; http_host; depth:22; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000103; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.reignbag.com"; http_host; depth:16; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000104; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.luapps.com"; http_host; depth:14; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000105; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.chlofin.com"; http_host; depth:15; fast_pattern; content:"/hy29/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000106; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.eluawastudio.com"; http_host; depth:20; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000107; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.fidelityrealtytitle.com"; http_host; depth:27; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000108; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.rajacumi.com"; http_host; depth:16; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000109; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.drivemytrains.xyz"; http_host; depth:21; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000110; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.comgmaik.com"; http_host; depth:16; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000111; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.fjljq.com"; http_host; depth:13; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000112; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.wearestallions.com"; http_host; depth:22; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000113; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.authenticusspa.com"; http_host; depth:22; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000114; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.moushimonster.com"; http_host; depth:21; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000115; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.renaziv.online"; http_host; depth:18; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000116; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.momotou.xyz"; http_host; depth:15; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000117; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.completedn.xyz"; http_host; depth:18; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000118; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.xn--agroisleos-09a.com"; http_host; depth:26; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000119; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.verynicegirls.com"; http_host; depth:21; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000120; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.qdchuangyedaikuan.com"; http_host; depth:25; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000121; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.wk6agoboyxg6.xyz"; http_host; depth:20; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000122; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.thedrybonesareawakening.com"; http_host; depth:31; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000123; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.northpierangling.info"; http_host; depth:25; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000124; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.merendri.com"; http_host; depth:16; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000125; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.rekoladev.com"; http_host; depth:17; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000126; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.fdupcoffee.com"; http_host; depth:18; fast_pattern; content:"/mh76/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000127; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"cracker.biz"; http_host; depth:11; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000128; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"zdauctions.com"; http_host; depth:14; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000129; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"piratia.su"; http_host; depth:10; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000130; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"azd.at"; http_host; depth:6; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000131; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"mordo.ru"; http_host; depth:8; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000132; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"bibraktis.ru"; http_host; depth:12; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000133; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"piratia-life.ru"; http_host; depth:15; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000134; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"accessbsi.com"; http_host; depth:13; fast_pattern; content:"/tmp/"; nocase; depth:5; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000135; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.thediverseinvestor.com"; http_host; depth:26; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000136; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.willdevphotography.co.uk"; http_host; depth:28; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000137; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.lamkt.com"; http_host; depth:13; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000138; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.packmidias.site"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000139; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.alastar.online"; http_host; depth:18; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000140; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.under-storey.co.uk"; http_host; depth:22; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000141; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.propane-gallon.site"; http_host; depth:23; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000142; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.nearestfoods.com"; http_host; depth:20; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000143; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mkba.store"; http_host; depth:14; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000144; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.yihaimaidan.net"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000145; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.allsecurityhub.com"; http_host; depth:22; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000146; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.singlesshirts.com"; http_host; depth:21; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000147; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.dfdr3r.site"; http_host; depth:15; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000148; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.taprotek.online"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000149; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.jokamet.info"; http_host; depth:16; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000150; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.betsportsvt.com"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000151; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ablehair.com"; http_host; depth:16; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000152; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.shunft.xyz"; http_host; depth:14; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000153; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.daileyduo.com"; http_host; depth:17; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000154; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tianzicheng.com"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000155; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.trenddetail.com"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000156; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.rallingslaw.com"; http_host; depth:19; fast_pattern; content:"/oy10/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000157; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mcphiecabinetry.site"; http_host; depth:24; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000158; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.rscorecalculator.com"; http_host; depth:24; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000159; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.smokehighsociety.com"; http_host; depth:24; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000160; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.futuresmartafricanonprofit.net"; http_host; depth:34; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000161; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.soulpets.net"; http_host; depth:16; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000162; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.pdsbxw.com"; http_host; depth:14; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000163; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.aladdinmkstore.com"; http_host; depth:22; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000164; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.begonvilrestaurant.com"; http_host; depth:26; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000165; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.secured-vision-unit.com"; http_host; depth:27; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000166; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.bizcon-h.com"; http_host; depth:16; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000167; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cadence.ink"; http_host; depth:15; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000168; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.preciuss.info"; http_host; depth:17; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000169; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.accwatercraft.com"; http_host; depth:21; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000170; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sv388vip.xyz"; http_host; depth:16; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000171; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.bbjmw.com"; http_host; depth:13; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000172; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.texasexchange.info"; http_host; depth:22; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000173; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.deneyimrulman.online"; http_host; depth:24; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000174; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cassettebeauty.com"; http_host; depth:22; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000175; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.thebrowandbeautyplug.com"; http_host; depth:28; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000176; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.wealthofawoman.net"; http_host; depth:22; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000177; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.swingsandthings.store"; http_host; depth:25; fast_pattern; content:"/iw01/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000178; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.aforeignexchangeblog.com"; http_host; depth:28; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000179; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.vaoiwin.info"; http_host; depth:16; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000180; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.krdz28.online"; http_host; depth:17; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000181; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.pepeksquad2.host"; http_host; depth:20; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000182; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ycw2009.com"; http_host; depth:15; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000183; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.03c3twpfee5estjovfu2655.com"; http_host; depth:31; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000184; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.bam-bong.com"; http_host; depth:16; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000185; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.danta.ltd"; http_host; depth:13; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000186; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.euroglobalnews.info"; http_host; depth:23; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000187; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.withoutyoutube.com"; http_host; depth:22; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000188; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.kc7.club"; http_host; depth:12; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000189; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tzjisheng.com"; http_host; depth:17; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000190; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.matsuomatsuo.com"; http_host; depth:20; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000191; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.104wn.com"; http_host; depth:13; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000192; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.minioe.com"; http_host; depth:14; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000193; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.metagwnics.com"; http_host; depth:18; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000194; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.boxberry-my.com"; http_host; depth:19; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000195; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.maisonretraiteprivee.com"; http_host; depth:28; fast_pattern; content:"/sn31/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000196; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET 0 (msg:"MalSilo MALWARE (vidar) Detected"; flow:established,to_server; content:"ioc.exchange"; http_host; depth:12; fast_pattern; content:"//@tiagoa26"; nocase; depth:11; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000197; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family vidar, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET 0 (msg:"MalSilo MALWARE (vidar) Detected"; flow:established,to_server; content:"t.me"; http_host; depth:4; fast_pattern; content:"//tigogames"; nocase; depth:11; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000198; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family vidar, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"sempersim.su"; http_host; depth:12; fast_pattern; content:"/gj18/fre.php"; nocase; depth:13; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000199; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.zipular.com"; http_host; depth:15; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000200; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.prepasigma.com"; http_host; depth:18; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000201; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.esenbook.com"; http_host; depth:16; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000202; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.vazra.top"; http_host; depth:13; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000203; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.palccoyotour.com"; http_host; depth:20; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000204; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cinq.design"; http_host; depth:15; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000205; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.arrowheadk8.site"; http_host; depth:20; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000206; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.lookastro.net"; http_host; depth:17; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000207; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.35kclub.com"; http_host; depth:15; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000208; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.dinazorpizza.com"; http_host; depth:20; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000209; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cbbtraffic.site"; http_host; depth:19; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000210; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.zhishi68.com"; http_host; depth:16; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000211; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.hiddenapphq.net"; http_host; depth:19; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000212; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.premintbot.xyz"; http_host; depth:18; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000213; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.unverify.us"; http_host; depth:15; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000214; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.techreshendo.com"; http_host; depth:20; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000215; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tudoristan.com"; http_host; depth:18; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000216; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.calnovi.com"; http_host; depth:15; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000217; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ltgpd.com"; http_host; depth:13; fast_pattern; content:"/t01w/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000218; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.investesla.com"; http_host; depth:18; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000219; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.9jtfe.xyz"; http_host; depth:13; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000220; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.dlwanhui.com"; http_host; depth:16; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000221; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mywaves.app"; http_host; depth:15; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000222; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.spechtcoimir.xyz"; http_host; depth:20; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000223; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.acu.design"; http_host; depth:14; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000224; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.40scm.com"; http_host; depth:13; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000225; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.justcallmet3.online"; http_host; depth:23; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000226; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.kingstontrio.net"; http_host; depth:20; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000227; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cgmiller.com"; http_host; depth:16; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000228; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.i-d-y.com"; http_host; depth:13; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000229; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cesarortizescritor.com"; http_host; depth:26; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000230; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.bestirengineering.com"; http_host; depth:25; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000231; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.asociacionalopeciamadrid.com"; http_host; depth:32; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000232; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.bffmovie.com"; http_host; depth:16; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000233; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.pdonahue.site"; http_host; depth:17; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000234; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.olafbloat.sbs"; http_host; depth:17; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000235; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.theherbalfitness.com"; http_host; depth:24; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000236; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.aprendoenperu.com"; http_host; depth:21; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000237; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.zanzibarfreight.com"; http_host; depth:23; fast_pattern; content:"/ag94/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000238; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> 37.139.129.142 any (msg:"MalSilo MALWARE (downloader) Detected"; flow:established,to_server; content:"/htdocs/nfbxtdaopkcymza.exe"; nocase; depth:27; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000239; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.qualitycarecredit.com"; http_host; depth:25; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000240; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.hainantcy.com"; http_host; depth:17; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000241; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.zenroom.top"; http_host; depth:15; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000242; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.hortus.tech"; http_host; depth:15; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000243; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.wellasoft.com"; http_host; depth:17; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000244; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.qiaolianjiguang.com"; http_host; depth:23; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000245; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.pittsburghcamping.com"; http_host; depth:25; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000246; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.myninacosmo.com"; http_host; depth:19; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000247; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cofk.biz"; http_host; depth:12; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000248; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.lagosgoldandgemconference.com"; http_host; depth:33; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000249; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.jurere.city"; http_host; depth:15; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000250; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.jierbi.com"; http_host; depth:14; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000251; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.okgsabsr.com"; http_host; depth:16; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000252; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.qhqyzx.com"; http_host; depth:14; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000253; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.rbcmedical.biz"; http_host; depth:18; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000254; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.joki188gacor.com"; http_host; depth:20; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000255; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tamalefesthou.com"; http_host; depth:21; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000256; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.johnnymcjohnny.com"; http_host; depth:22; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000257; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.smalltiller.com"; http_host; depth:19; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000258; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.timfusco.com"; http_host; depth:16; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000259; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.yourflyingcamera.com"; http_host; depth:24; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000260; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.bjkssl.com"; http_host; depth:14; fast_pattern; content:"/er81/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000261; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.newstz.online"; http_host; depth:17; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000262; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.stampedzhane.com"; http_host; depth:20; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000263; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.slottervipjp.xyz"; http_host; depth:20; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000264; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.maccaverns.com"; http_host; depth:18; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000265; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.bumpcard.online"; http_host; depth:19; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000266; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.thepediatricianskitchen.com"; http_host; depth:31; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000267; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.anguillasailingschool.com"; http_host; depth:29; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000268; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.bronhr.com"; http_host; depth:14; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000269; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.lzty188.com"; http_host; depth:15; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000270; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.2326285.com"; http_host; depth:15; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000271; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.auburnselectstyle.com"; http_host; depth:25; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000272; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.smartbeds-lt-2022.life"; http_host; depth:26; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000273; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.primacosta.com"; http_host; depth:18; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000274; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.tistinstitute.com"; http_host; depth:21; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000275; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.casinox-ki.xyz"; http_host; depth:18; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000276; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.yourturdburglars.com"; http_host; depth:24; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000277; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.westsernschools.com"; http_host; depth:23; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000278; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (remcos) Detected"; flow:established,to_server; content:"www.asp1641.icu"; http_host; depth:15; fast_pattern; content:"/gu5d/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000279; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.istanbulbahis239.com"; http_host; depth:24; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000280; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.immobilien-mj.com"; http_host; depth:21; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000281; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.nxteam.net"; http_host; depth:14; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000282; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.hhhzzz.xyz"; http_host; depth:14; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000283; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.subvip60.site"; http_host; depth:17; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000284; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.kkrcrzyz.xyz"; http_host; depth:16; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000285; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.groupeinvictuscorporation.com"; http_host; depth:33; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000286; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.happy-tile.com"; http_host; depth:18; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000287; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.elshadaibaterias.com"; http_host; depth:24; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000288; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.moradagroup.tech"; http_host; depth:20; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000289; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.plumberbalanced.com"; http_host; depth:23; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000290; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.dagsmith.com"; http_host; depth:16; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000291; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.thesulkies.com"; http_host; depth:18; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000292; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.7788tiepin.com"; http_host; depth:18; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000293; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.fxivcama.com"; http_host; depth:16; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000294; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.can-amexico.com"; http_host; depth:19; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000295; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.ink-desk.com"; http_host; depth:16; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000296; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.mecontaisso.com"; http_host; depth:19; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000297; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.anisaofrendas.com"; http_host; depth:21; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000298; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.originalfatfrog.com"; http_host; depth:23; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000299; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.obokbusinessbootcamp.com"; http_host; depth:28; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000300; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.elegantmuka.com"; http_host; depth:19; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000301; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.koredeiihibi.com"; http_host; depth:20; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000302; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.tazeco.info"; http_host; depth:15; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000303; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.jivraj9india.com"; http_host; depth:20; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000304; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.thinoe.com"; http_host; depth:14; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000305; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.egclass.com"; http_host; depth:15; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000306; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.zhouwuxiawu.com"; http_host; depth:19; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000307; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.luminantentertainment.com"; http_host; depth:29; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000308; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.theearthresidencia.com"; http_host; depth:26; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000309; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.zs-yaoshi.com"; http_host; depth:17; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000310; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"www.jujuskiny.com"; http_host; depth:17; fast_pattern; content:"/zgtb/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000311; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"can-sat.netai.net"; http_host; depth:17; fast_pattern; content:"/livestream/"; nocase; depth:12; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000312; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET 80 (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"can-sat.netai.net"; http_host; depth:17; fast_pattern; content:"//livestream/"; nocase; depth:13; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000313; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET 80 (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"maps.google.com"; http_host; depth:15; fast_pattern; content:"//"; nocase; depth:2; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000314; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> 37.139.129.142 any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"/htdocs/lyspwpkzigfnrbt.exe"; nocase; depth:27; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000315; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.739652.com"; http_host; depth:14; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000316; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.rtpslotlive88.com"; http_host; depth:21; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000317; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.msk-likbez.store"; http_host; depth:20; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000318; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ddjk8.com"; http_host; depth:13; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000319; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.fenixbedrijf.com"; http_host; depth:20; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000320; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.keepsylvaniasafe.com"; http_host; depth:24; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000321; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.5959corporate.com"; http_host; depth:21; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000322; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.miamipremiumrides.com"; http_host; depth:25; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000323; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.88kk.win"; http_host; depth:12; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000324; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.farloans.com"; http_host; depth:16; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000325; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.freerubuxnoscamlol.com"; http_host; depth:26; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000326; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.leehavis4statesenate.com"; http_host; depth:28; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000327; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.pialsoudun.xyz"; http_host; depth:18; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000328; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.trafficstudio.site"; http_host; depth:22; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000329; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sqlite.org"; http_host; depth:14; fast_pattern; content:"/2019/sqlite-dll-win32-x86-3300000.zip"; nocase; depth:38; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000330; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.holteseivthn.xyz"; http_host; depth:20; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000331; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.studio2712.com"; http_host; depth:18; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000332; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tanfordchildrensprint.com"; http_host; depth:29; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000333; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sampathvishwa.biz"; http_host; depth:21; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000334; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.huooks.com"; http_host; depth:14; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000335; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.backsrtreets.com"; http_host; depth:20; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000336; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sqlite.org"; http_host; depth:14; fast_pattern; content:"/2021/sqlite-dll-win32-x86-3360000.zip"; nocase; depth:38; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000337; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.j7q4.com"; http_host; depth:12; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000338; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.turkuazmaden.com"; http_host; depth:20; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000339; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sqlite.org"; http_host; depth:14; fast_pattern; content:"/2016/sqlite-dll-win32-x86-3120000.zip"; nocase; depth:38; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000340; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.azcarinals.com"; http_host; depth:18; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000341; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.derpallet.info"; http_host; depth:18; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000342; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sqlite.org"; http_host; depth:14; fast_pattern; content:"/2016/sqlite-dll-win32-x86-3100000.zip"; nocase; depth:38; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000343; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.pgcmedical.com"; http_host; depth:18; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000344; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sportmel.com"; http_host; depth:16; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000345; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.hostelromania.com"; http_host; depth:21; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000346; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.vegasgamingbars.com"; http_host; depth:23; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000347; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mettafizzix.org"; http_host; depth:19; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000348; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.passinkeglobalservice.com"; http_host; depth:29; fast_pattern; content:"/f4ca/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000349; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (lokibot) Detected"; flow:established,to_server; content:"sempersim.su"; http_host; depth:12; fast_pattern; content:"/gk2/fre.php"; nocase; depth:12; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000350; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family lokibot, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.wlyfgj.com"; http_host; depth:14; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000351; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.texashillsandlakes.site"; http_host; depth:27; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000352; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.lfcphx.net"; http_host; depth:14; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000353; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.ttllio.com"; http_host; depth:14; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000354; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.army-construccion.com"; http_host; depth:25; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000355; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.securemyeddcard.com"; http_host; depth:23; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000356; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.jounan-lp.com"; http_host; depth:17; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000357; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.mencrypt.com"; http_host; depth:16; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000358; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.opendoorways-counseling.com"; http_host; depth:31; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000359; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.projectrepre.com"; http_host; depth:20; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000360; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.theinterviewworkout.biz"; http_host; depth:27; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000361; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.lotuscounselingsc.com"; http_host; depth:25; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000362; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.tahoetabletops.com"; http_host; depth:22; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000363; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.ouickly.com"; http_host; depth:15; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000364; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.moverscommunity.com"; http_host; depth:23; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000365; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.viveksirclass.com"; http_host; depth:21; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000366; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.llcanalytics.com"; http_host; depth:20; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000367; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.darth-bane.com"; http_host; depth:18; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000368; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (riskware) Detected"; flow:established,to_server; content:"www.5000wg.com"; http_host; depth:14; fast_pattern; content:"/cy30/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000369; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.elegantreporttodetecttoday.info"; http_host; depth:35; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000370; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.orderactivgreens.com"; http_host; depth:24; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000371; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tipika.fr"; http_host; depth:13; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000372; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.matsuda-eye-clinic.net"; http_host; depth:26; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000373; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.joivanna.com"; http_host; depth:16; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000374; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tjbsjh.com"; http_host; depth:14; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000375; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mvpunchlist.com"; http_host; depth:19; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000376; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.gty0.xyz"; http_host; depth:12; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000377; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cheatinginstitute.com"; http_host; depth:25; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000378; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.mundodino.site"; http_host; depth:18; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000379; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.slavenapeneva.com"; http_host; depth:21; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000380; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.top-notchbrief-toskimtoday.info"; http_host; depth:35; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000381; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.fineduconnect.com"; http_host; depth:21; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000382; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.anandpargaonkar.com"; http_host; depth:23; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000383; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.dundeemrc.co.uk"; http_host; depth:19; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000384; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.fu-manyi.com"; http_host; depth:16; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000385; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.quickshipfloors.com"; http_host; depth:23; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000386; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.firefanfic.com"; http_host; depth:18; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000387; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.ourbranch30225.com"; http_host; depth:22; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000388; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.terrazzoaggregatte.com"; http_host; depth:26; fast_pattern; content:"/p205/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000389; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.qtinium.biz"; http_host; depth:15; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000390; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.rongwangcantonese.com"; http_host; depth:25; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000391; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.summerpools.net"; http_host; depth:19; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000392; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.lambdaphotonics.com"; http_host; depth:23; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000393; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.apothekamagica.com"; http_host; depth:22; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000394; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.jaquesbaby.com"; http_host; depth:18; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000395; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.alfaphlebo.com"; http_host; depth:18; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000396; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.miraivoid.info"; http_host; depth:18; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000397; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.rainerbalkan.xyz"; http_host; depth:20; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000398; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.vesong-in.com"; http_host; depth:17; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000399; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.theblueprinttrainingemails.com"; http_host; depth:34; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000400; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.cinartplastik.com"; http_host; depth:21; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000401; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.hungaryjobbank.com"; http_host; depth:22; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000402; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.jiejiecool.com"; http_host; depth:18; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000403; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.shnv.info"; http_host; depth:13; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000404; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.xinjiansc.com"; http_host; depth:17; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000405; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.hkdzemsti.xyz"; http_host; depth:17; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000406; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.daatek.store"; http_host; depth:16; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000407; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.gbfm0i.biz"; http_host; depth:14; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000408; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (agenttesla) Detected"; flow:established,to_server; content:"www.ournq.com"; http_host; depth:13; fast_pattern; content:"/ez03/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000409; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.angolift.com"; http_host; depth:16; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000410; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.foukabayworkshops.com"; http_host; depth:25; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000411; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.tools-box.xyz"; http_host; depth:17; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000412; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.elenge.net"; http_host; depth:14; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000413; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.burgazgurme.com"; http_host; depth:19; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000414; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.dreadedyarn.com"; http_host; depth:19; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000415; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.timgalfas.com"; http_host; depth:17; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000416; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.orderlacabanatica.com"; http_host; depth:25; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000417; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.howork.net"; http_host; depth:14; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000418; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.hlinfid.online"; http_host; depth:18; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000419; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.cricquzz.com"; http_host; depth:16; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000420; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.powerhotelandsuites.com"; http_host; depth:27; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000421; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.vankenet.com"; http_host; depth:16; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000422; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.crownemedia.group"; http_host; depth:21; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000423; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.priscillamatsushita.com"; http_host; depth:27; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000424; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.yj3g5w7kv.com"; http_host; depth:17; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000425; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.blueriverpools.net"; http_host; depth:22; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000426; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.qmgames.info"; http_host; depth:16; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000427; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.treeoflibertyco.com"; http_host; depth:23; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000428; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.grafschaft-hauenstein.info"; http_host; depth:30; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000429; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (formbook) Detected"; flow:established,to_server; content:"www.sareecraft.com"; http_host; depth:18; fast_pattern; content:"/g2m0/"; nocase; depth:6; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000430; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (adware) Detected"; flow:established,to_server; content:"load-data.s3.pl-waw.scw.cloud"; http_host; depth:29; fast_pattern; content:"/pub-buckets/poweroff.exe"; nocase; depth:25; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000431; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET 80 (msg:"MalSilo MALWARE (adware) Detected"; flow:established,to_server; content:"load-data.s3.pl-waw.scw.cloud"; http_host; depth:29; fast_pattern; content:"//pub-buckets/poweroff.exe"; nocase; depth:26; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000432; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"guideanceers.com"; http_host; depth:16; fast_pattern; content:"/rtns24/index.php"; nocase; depth:17; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000433; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET 80 (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"guideanceers.com"; http_host; depth:16; fast_pattern; content:"//rtns24/index.php"; nocase; depth:18; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000434; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (generic) Detected"; flow:established,to_server; content:"guideanceers.com"; http_host; depth:16; fast_pattern; content:"/rtns24/plugins/cred.dll"; nocase; depth:24; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000435; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)